I'd appreciate if others could add to the list.  I think it is similar to some of the things that we did when deciding how to moderate, what license to use and other policies when first setting it up and wanting to insure that certain things did not happen.

Ways to attack a corporate structure:

1. Make IPW a living hell to deal with because of the trolls.  (Look what one or two dedicated, unpaid individuals were able to do).  Then, buy out the shares of the top holders.  Voila.  Instant control.

2. If it is still possible to add new corporate members, then buy up enough shares, distributed amongst enough different people, to kick it over the 3?? shareowners threshold that forces the company public and subject to a slew of additional regulations and accounting issues.  That may take longer, but it will suck funds out of the coporation pretty darn quickly.

3. Sleepers who eventually begin posting clearly copyrighted material which cause legal attacks from more than one well-funded opponent.

4. I'm sure I could find a patent or two that the site violates.

5.  Variation of 1.  Just take it over.  Look what we did to the Yahoo SCOX and CKX boards.  If a large enough group of posters wanted to, they could easily take it over to the point where sharholders may own shares and be paying for it all, but they have no control.  It needn't even be a troll attack.  It could be hijacked for some other legitmate cause that most of us care little about or that most of us will end up on different sides of.  At that point, I can see people perhaps selling their shares in disgust.

Given that we are unlikely to make money, how do we raise funds after the initial stake is gone?  Will we continually issues shares year after year?  (If so, see problem 2.)  It's not even like we get enough page views that we can sell ads--which I'd hate to see anyway.

Distributed structure attack:

1.  see 3 above.  Post clear copyright violations.

2.  see 4 above.  Patent suit against each node.

3.  likely attacks on any synchronization protocol.  (What happens if I publish simultaneous comments at all nodes?  How do the nodes authenticate their content?  Can I break into that and poison it all?  How do they authenticate passwords?  Can I own one node, leave it alone and get enough info to then impersonate any poster--and with the distributed nature, disproving that it was you that posted could be very difficult.)

4. Volunteer to host a node and then try some of the tricks in 3.

Who gets access to the logs?  I'm serious.  I've been fascinated at what I can glean looking at the threenorth logs.  I don't publicize that except maybe a hit or two in an e-mail.  You can't let every shareholder access them, because that would effectively be no privacy whatsoever, which will drive many away.  Someone else suggested not logging IPs at all, but you may need them if you ever get a DDOS attack--or if someone does cross a legal line.

Who makes decisions that may require more than zero ratings?  Jeff has nuked spam posts.  He has removed a few truly obnoxious posts and/or diary.  If you have a copyright violation, you need to react quickly.  Some one or ones will need to be empowered to do that.  Who?  Who watches the watchers?  Can shareholders recind a decision if fifty percent disagree?

How do you count votes, if you are going to have shareholders involved in the day to day running?  I mean, in normal shareholder meetings, you announce the meeting, send out proxies, require a quorum the majority of the quorum carries the day.  If you are talking more than annual meetings, how far in advance must they be announced?  What happens when someone gets disinterested and simply leaves?  What happens if too many do and you can't get a quorum?  (Is that attack number 6?)