In backup, only upload to some servers immediately, and delay the rest for up to several days, with some uploads of chaff, to prevent collaborating evil servers from correlating related shards.

How many servers should be uploaded to immediately? The safe answer is at least M (--neededshares); that way the secret key does get backed up immediately.

Uploading to less would be more secure, but risks the user thinking it finished backing up the key, and eg, wiping their laptop. So careful messaging would be needed in this case.

Might just upload M-1 shares immediatly, and show a dialog saying, the backup will be completed next Wednesday, or click here to finish it now.

---

Also, when there are multiple chunks, they are currently uploaded in order. That could easily be shuffled, with server A getting its share of chunk 2 first, server B its share of chunk 3 first, etc.