> it makes me wonder what else might be going on in other projects right now
I hope this can be a lesson learned. A lot is going on. There are lots and lots of agencies (both government-funded in all countries as well as black market ones) with a mission to own backdoors. They're all well-funded. That's what they do.
It is frustrating to watch every HN thread related to backdoors filled with rejections of this possibility as paranoia or silly tinfoil hatting. As if it wasn't happening. Here's one concrete case that was caught. Countless others, not yet caught.
And think about this one: this was on an open source project, which makes it easier to catch. Still we got lucky. Now consider all the closed source products, where backdooring just means infiltrating and/or arm-twisting a single organization. This happens often. Nobody wants to believe it but it's common. Anyone who has worked on tech infrastructure companies has some stories. They are difficult to tell due to NDAs and worse, but it happens.
I hope this can be a lesson learned. A lot is going on. There are lots and lots of agencies (both government-funded in all countries as well as black market ones) with a mission to own backdoors. They're all well-funded. That's what they do.
It is frustrating to watch every HN thread related to backdoors filled with rejections of this possibility as paranoia or silly tinfoil hatting. As if it wasn't happening. Here's one concrete case that was caught. Countless others, not yet caught.
And think about this one: this was on an open source project, which makes it easier to catch. Still we got lucky. Now consider all the closed source products, where backdooring just means infiltrating and/or arm-twisting a single organization. This happens often. Nobody wants to believe it but it's common. Anyone who has worked on tech infrastructure companies has some stories. They are difficult to tell due to NDAs and worse, but it happens.