Motivated by the subversion of trusted public parameters in mass-surveillance activities, we study the security of non-interactive zero-knowledge (NIZK) proofs in the presence of a maliciously chosen common reference string. We provide definitions for subversion-resistant soundness and zero knowledge. After showing that subversion-soundness is impossible for NIZKs, we construct a subversion-ZK proof system.We then turn to ZK-SNARKs (succinct non-interactive arguments of knowledge), which are NIZK systems with short and efficiently verifiable proofs, used e.g. in cryptocurrencies such as Zcash. We show that under plausible hardness assumptions, many SNARK schemes proposed in the literature are subversion-ZK or can be made at very little cost.