What I've seen missing from prominent cryptographers in discussion of the GHCQ's recent #backdoor proposal is the mention of how such a thing is less effective against free/libre software systems. The proposal involves adding a "ghost" user to E2E-encrypted conversations, which requires that the client silently encrypt to a third party. Such an antifeature couldn't just be committed to the project---it'd be too risky, since anyone could potentially find it.

Of course, there's still the issue of trusting binary distributions unless their builds are reproducible, and users who blindly download binaries without verifying signatures are also at risk. This emphasizes the importance of reproducible builds: a malicious actor isn't likely to commit code in plain view of the world; rather, they'll probably just distribute a modified binary and be dishonest about the corresponding source code.

https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate