100%
GRIMOIRE
GrimoireDindon CorpusSynthesis VolumesThe Foundation of Iron
FRENAR
HUMAN
Structural Essay · July 2026 · Standalone Volume
◆◆◆
The Open-Washing
Anatomy of Commons Capture
◆ Asymmetry Disclosure — applies to this entire volume

This volume does not claim that every commercial use of open source software by a cloud provider constitutes a capture. It was modelled by an infrastructure architect, audited contradictorily by two artificial intelligences, drawing on verifiable public facts — documented licence changes, published commercial products, public contribution histories. It does not build a case around anyone's good or bad faith. It documents an asymmetry of value extraction, mechanism by mechanism, and proposes governance models explicitly owned as proposals, not established norms.

◆◆◆
Amine RAITI — Infrastructure Architect & SRE
Former engineering school professor · Teaching since 2006
Public document · CC BY-NC-SA 4.0
HUMAN
Reading Guide
What this volume will demonstrate, in order

This volume builds a three-stage chain: first, why a licence protects a right to read but never hardware control (Act I); then, six concrete and distinct mechanisms by which capture actually operates, from a documented licence change to the phantom contribution that quietly steers a project toward a single type of hardware (Act II); finally, a reconquest architecture built on levers directly correlated to each pillar — neutral governance, a ban on emulation, blackholing of telemetry — before establishing the explicit link with the hardware sovereignty demonstrated elsewhere in this collection (Act III).

◆ The thesis in one sentence

A licence protects a right to read. It protects neither the interface one imitates, nor the usage one observes from afar, nor the commit that quietly steers a project toward a single type of hardware, nor the maintainer one hires before even needing to fork anything at all.

ACT I — THE THESIS
I.1The Free DepositA licence protects a right to read, never hardware control
ACT II — THE DEMONSTRATION
II.0The Four ShiftsElastic, MongoDB, HashiCorp, Redis — one same documented pattern
II.1The Enclosure of the InterfacePillar A — the fork captures the code, emulation captures the gesture
II.2The Telemetry AsymmetryPillar B — who owns the feedback from production?
II.2bThe Suction of MindsWhen capture needs no commit at all
II.2cProprietary EntrenchmentThe code remains free, identity and encryption no longer are
II.3The Phantom ContributionPillar C — a seemingly legitimate commit can steer a project toward a single hardware
ACT III — THE RECONQUEST
III.1Neutral GovernanceA response to licence risk, nothing more — the limit of the Kubernetes case
III.2The Ban on EmulationResponse to Pillar A — requiring the real engine, not its imitation
III.2bDecoupling Identity/EncryptionIndependent OIDC, sovereign Vault
III.3Blackholing TelemetryResponse to Pillar B — cutting the outbound flow, observing internally
III.4The Link with HardwareCode sovereignty stops where rented silicon begins
HUMAN
I.1
A commons without matter remains a commons without defence
Code distributed freely, without control of the underlying computing power, becomes a free deposit

An open source licence guarantees one right: to read, modify, and redistribute source code. It guarantees no control over the physical infrastructure that runs it at scale. This distinction, rarely stated explicitly, produces a simple mathematical consequence: a community project whose usage value is expressed only in production, on machines it does not own, structurally becomes free raw material for whoever owns those machines in sufficient quantity.

◆ What the licence protects, and what it never protects

Permissive licences (Apache 2.0, MIT) and even classic copyleft licences (GPL) protect the freedom to modify and redistribute code. None of them impose a proportional economic contribution back from whoever exploits that code at industrial scale via a managed service — the licence regulates intellectual property, not the rent extracted from exploitation.

◆ Full legality, and the asymmetry it does not erase

Exploiting a permissively licensed project commercially is entirely legal, and is precisely the purpose of these licences. This volume documents a distinct asymmetry: when a hyperscaler's scale of exploitation becomes so massive that the value extracted exceeds, by several orders of magnitude, any contribution given back to the project's maintenance, the legal licence no longer suffices to describe the real balance of the relationship.

HUMAN
Act II — The Demonstration
The mechanics of expropriation, in three symmetrical pillars

Four public and documented licence changes introduce what this volume calls the mechanics of expropriation, before three distinct pillars each detail one precise mechanism: capture by interface, capture by usage, and capture from within the code itself.

HUMAN
II.0
Four licence shifts, one same pattern
Elastic, MongoDB, Redis, HashiCorp — licence change as a public signal of imbalance

In January 2021, Elastic switched Elasticsearch and Kibana from the Apache 2.0 licence to the Server Side Public Licence (SSPL), explicitly citing AWS's exploitation of the project via a competing managed service without proportional contribution back. MongoDB had made the same decision as early as 2018, itself introducing the SSPL licence for the same stated reason. HashiCorp switched Terraform and its other products from the Mozilla Public Licence to the Business Source Licence (BSL) in 2023. Redis did the same for its engine in 2024. In all four cases, the company behind the project publicly documents the same justification: a cloud provider exploits the project at a scale that generates significant rental value, without that value financing the maintenance of the commons in return.

◆ The Invisible Debt — a necessary reframing

An earlier study in this corpus, The Invisible Debt, documented the chronic underfunding of critical open source building blocks (curl, Log4j) — the tragedy of the commons in its classic sense: a resource shortfall. This volume documents a distinct, though related, mechanism: the problem is no longer the absence of funding, it is the existence of considerable value, generated by the project's industrial exploitation, that is structurally never given back to the entity maintaining the underlying human infrastructure. It is this asymmetry of extraction — not a shortfall in itself — that forces the shift toward more restrictive licences.

HUMAN
II.1
Pillar A · The Enclosure of the Interface
Two distinct mechanisms — forking the code, and emulating the gesture

A cloud provider can respond to a restrictive licence change in two technically distinct ways, which must never be conflated. Amazon OpenSearch is a fork in the strict sense: a copy of the Elasticsearch codebase predating the licence change, maintained and developed independently — the capture here concerns the source code itself, at a given point in time. Amazon DocumentDB is of a different nature: an emulation of MongoDB's network protocol (wire protocol), compatible with its drivers and commands, but resting on a distinct proprietary storage engine, sharing no line of MongoDB code. The capture then no longer concerns the code, but the developer's gesture, who continues to communicate in the same command language.

◆ What this compatibility actually captures

The gesture this compatibility captures is not the software engine — it is the entire set of habits, scripts, development tools, and integrations built by whole teams around a precise command vocabulary. An application written to speak « MongoDB » continues to run without modification on DocumentDB — which means migrating to another provider requires rewriting these integrations, even though the underlying engine has already changed once without the application team ever noticing.

◆ Total legality, an identical lock-in effect

No intellectual property rule forbids creating an interface compatible with a command format — interfaces are generally not protectable in the same way as the code itself. This pillar therefore does not document an illegality, but a lock-in functionally identical to that produced by proprietary code, achieved through a legally distinct path.

HUMAN
II.2
Pillar B · The Telemetry Asymmetry
A project improves through production use — who owns the feedback from production?

An open source project progresses partly through signals fed back by its real-world use in production: which code paths fail most often, which configurations degrade performance, which load volumes reveal limits unanticipated in the lab. A cloud provider hosting millions of managed instances of the same project accumulates this kind of signal at a scale no independent maintainer can reproduce on their own.

◆ What this exclusivity of signal produces

From this aggregated telemetry, the cloud provider develops a real diagnostic and predictive advantage — knowing before anyone else which configurations cause problems at scale, which internal optimisations deliver the most measurable gains. This advantage informs its own internal engineering choices and the roadmap of its competing managed service, with no obligation ever binding it to feed this same signal back to the source project.

◆ A structural information asymmetry

This mechanism rests on no breach of confidentiality — managed service telemetry data legitimately belongs to the service operator. The asymmetry documented here is structural: the community that produced the code has, by construction, no symmetrical access to the lessons learned from its exploitation at this scale.

◆ What this pillar does not claim

This pillar does not claim that cloud providers deliberately withhold information contractually owed to the community. It documents an asymmetry of scale: even assuming complete good faith, no structural mechanism today ensures that the knowledge accumulated through industrial exploitation benefits the maintenance of the source project in return.

HUMAN
II.2b
What the code never shows
The suction of minds — when capture needs no commit at all
◆ A fourth mechanism, invisible in the code

It is not always necessary to fork a project or emulate its interface: a cloud provider can simply hire the lead maintainer holding merge approval rights on the reference repository. This mechanism leaves no trace in the code's history — the acquisition targets not the software, but the person who decides what goes into it. This volume mentions it here as a mechanism distinct from the three pillars that follow, without claiming to analyse it with the same depth: unlike a licence change or a technical commit, an individual hire is neither systematically dated in public, nor attributable to a single intent — but its cumulative effect on a project's de facto governance deserves to be named.

HUMAN
II.2c
Proprietary Entrenchment
The code remains free — its identity and encryption roots no longer are

An organisation can scrupulously apply the measure documented in III.2 of this volume — refusing any managed emulation service, deploying a genuine open source engine (PostgreSQL, Kubernetes) on infrastructure it controls. A distinct capture mechanism nonetheless operates, at a different layer: that of identity and encryption.

◆ The native integration mechanism

The cloud provider offers a native, seemingly frictionless integration between this open source engine and its own identity management system (for example AWS IAM) and its own encryption key manager (for example AWS KMS). The engine's code remains intact and free — but user access rights and the keys protecting the data are now defined and held in proprietary systems distinct from the engine itself.

◆ What this integration makes non-portable

When the time comes to consider migrating this engine — genuinely free though it is — the organisation discovers that its access policies and encryption keys do not transfer with it: they belong to a distinct proprietary security ecosystem, which must be entirely rebuilt with any new provider. The freedom of the code never guaranteed the portability of what surrounds it.

HUMAN
II.3
Pillar C · The Phantom Contribution
A seemingly legitimate commit can steer a project toward a single type of hardware

Major cloud providers rank among the most active contributors to many leading open source projects, measured by commit volume. This volume of contribution is a public fact, verifiable in these projects' Git history. This pillar documents a specific subset of these contributions: those which, under cover of performance optimisation, introduce a functional dependency on a hardware or software component proprietary to the contributor.

◆ The verification protocol applicable to this mechanism

Verifying this mechanism requires cross-referencing three public elements: the employer affiliation of a commit's author account (declared, or inferable from the associated e-mail domain), the technical nature of the optimisation introduced (which hardware component or proprietary library it specifically targets), and the presence or absence of an equivalent code path for generic or competing hardware. An optimisation that only accelerates the project on a proprietary instruction set, or that only activates a high-performance mode in the presence of an encryption component specific to a single vendor, meets this criterion.

◆ The documented cumulative effect, without judging intent

The accumulation of this type of commit over several years produces a measurable effect independent of any individual intent: a project in which a growing share of optimised code paths specifically targets the infrastructure of a majority contributor runs, at equal performance, better on that infrastructure than on a generic or sovereign hardware base — creating a relative performance obsolescence on any hardware outside that ecosystem.

◆ What this pillar does not claim, and cannot establish alone

This pillar does not claim to establish any intent to harm on the part of the individual authors of these commits — a targeted optimisation can be proposed in good faith by an engineer simply seeking to improve performance on the environment they know best. What this pillar establishes is a structural cumulative effect, verifiable through analysis of the code's public history, independent of the intent behind each individual contribution.

HUMAN
Act III — The Reconquest
Three levers for three pillars — governance alone is not enough

Each pillar of Act II calls for a response of a different nature. Neutral governance answers the risk of licence change documented in the introduction to Act II — it answers neither capture by interface (Pillar A) nor telemetry asymmetry (Pillar B). This part adds the two missing architectural and material levers, before establishing the link with hardware sovereignty demonstrated elsewhere in this collection.

HUMAN
III.1
A single maintainer remains a single target
Neutral governance — a response to licence risk, nothing more

A project governed by a single commercial company presents a simple exposure structure: that company alone holds the power to change the licence under the pressure documented in the introduction to Act II. A project transferred to a neutral foundation — on the model of the Apache Software Foundation or the Cloud Native Computing Foundation — distributes this power among several member organisations, making a unilateral licence change more difficult.

◆ The strict limit of this lever — the Kubernetes case

Kubernetes is governed by the CNCF, an exemplary neutral foundation. This nonetheless in no way prevents Amazon (EKS) and Google (GKE) from capturing the massive usage telemetry of their respective managed services without giving it back to the project, nor from emulating or wrapping its interfaces to capture the developer's gesture. Neutral governance protects the licence — it protects against neither Pillar A nor Pillar B.

HUMAN
III.2
Answering the enclosure of the interface — banning emulation from internal standards
Direct response to Pillar A · Requiring the real engine, not its imitation

Facing the capture by emulation documented in Pillar A, an organisation can act directly on its own architecture standards, without waiting for any change in the market or in regulation.

◆ The concrete measure

Write into internal architecture standards a ban on using managed interface-emulation services (such as DocumentDB for a use case requiring MongoDB) in favour of the real engine, hosted on infrastructure the organisation controls — a virtual machine or physical server under its direct control. Using a fork governed by a neutral foundation (such as OpenSearch) remains compatible with this rule, since the capture it documents belongs to the licence pillar, not the interface one.

◆ What this measure costs, without hiding it

Giving up a managed emulation service means giving up part of the operational simplicity that service promises. It is an explicit trade-off between immediate operational comfort and medium-term technical reversibility — not a costless solution.

HUMAN
III.2b
Decoupling identity and encryption from the engine
Direct response to Proprietary Entrenchment (II.2c)
◆ The architectural measure

Facing the entrenchment documented in II.2c, the measure complementing the emulation ban (III.2) consists of imposing, within the same internal architecture standards, the systematic decoupling of identity management and encryption from any deployed open source engine — for example via an independent identity provider respecting the OIDC standard rather than the underlying cloud's proprietary system, and a self-hosted key management vault (such as HashiCorp Vault, before its own licence change documented in II.0, or an equivalent alternative) rather than the provider's native key manager. An open source engine whose access and encryption remain portable is genuinely free — a free engine whose identity and keys are entrenched with a single provider is free only in appearance.

HUMAN
III.3
Responding to the capture of visibility — cutting the flow, observing internally
Direct response to Pillar B · Blackholing outbound telemetry

Facing the telemetry asymmetry documented in Pillar B, an organisation can act on its own outbound network flows, independently of any change on the managed service provider's side.

◆ The concrete measure — blackholing via strict firewall rules

Configure strict firewall rules explicitly blocking (« blackholing ») any outbound telemetry flow toward the proprietary collection endpoints of third-party managed service vendors, while maintaining full observability internally. This measure does not deprive the organisation of its own operational visibility — it only deprives the external provider of access to that same visibility.

◆ The link with another volume in this collection

Another volume in this collection, The Diagnostic Amnesia, documented the erosion of internal causal-diagnosis competence, partly replaced by dependence on third-party observability tools. Blackholing outbound telemetry only makes sense coupled with this internal diagnostic competence restored — blocking an outbound flow without an internal capacity to read raw logs merely deprives the organisation of all visibility, external and internal alike.

HUMAN
III.4
Code sovereignty stops where rented silicon begins
The explicit link with the matter already demonstrated elsewhere in this collection

Another volume in this collection, The Cloud Illusion, demonstrated that no digital sovereignty is possible without mastery of the underlying hardware. This volume establishes the logical corollary for free software: code under a licence protected by the most neutral governance possible, run exclusively via managed services from the same actor whose capture mechanisms this volume documents, remains vulnerable to Pillars A and B — however solid its licence governance may be.

◆ What this volume does not claim to resolve alone

This volume does not claim that the three levers of this Reconquest, taken in isolation, each suffice to fully neutralise the mechanism they respond to. It establishes that sovereignty over the code, sovereignty over the interface, and sovereignty over operational visibility are three distinct conditions — none replacing the other two.

HUMAN
Closing
An asymmetry of extraction, a three-tier architecture of resistance
◆ The Thesis in One Sentence

A licence protects a right to read. It protects neither the interface one imitates, nor the usage one observes from afar, nor the commit that quietly steers a project toward a single type of hardware, nor the maintainer one hires before even needing to fork anything at all.

◆ Open Call — Human Pull Request

This volume is an open-source system awaiting real-world corrections. We explicitly invite any open source project maintainer who has lived through one of these mechanisms to document their experience, and to correct or enrich this anatomy.

◆◆◆

A commons without defence is not a commons protected by law. It is a free resource awaiting an operator large enough to harvest it at industrial scale.

◆◆◆
Amine RAITI · 2026