Digital ID is coming. Not in some distant dystopian future—it’s being rolled out right now across Europe, the UK, and beyond. Governments call it “modern infrastructure.” Privacy advocates call it what it is: a surveillance and control system that will touch every aspect of your life.

But here’s what most people miss: the technology itself isn’t the problem. It’s who controls it.

What if we could build the same system—convenient digital identity that works across services—but without the centralized control? What if we could turn the surveillance grid into a freedom grid?

That’s not theoretical. The technology exists. But whether it serves freedom or tyranny comes down to a single decision most people never think about: the software license.

The Threat Is Real

Financial experts now openly state that digital ID is the “foundation for central bank digital currencies”—it’s “nigh on impossible” to roll out a CBDC without it. Connect the dots: your identity tied to your money, both under centralized control, creating an integrated system that can monitor and potentially restrict your every transaction.

The World Economic Forum’s 2018 vision showed digital identity integrated into healthcare, finance, travel, commerce, and social platforms. Everything. Everywhere. All at once.

And before you say “that’s optional”—India’s Aadhaar was introduced as voluntary. It quickly became mandatory for banking, welfare, and mobile service. Without it, you’re excluded from society. In Greece, the “optional” EU digital ID app became required for sports stadium entry within months of launch.

“Optional” is a lie. Once the infrastructure exists, it becomes mandatory through soft coercion.

The pushback is happening—UK and Australian officials admit that “fear of government overreach and surveillance” is slowing rollout—but fear alone won’t stop this. We need alternatives.

The Alternative Exists

Self-sovereign identity (SSI) is the technical answer to centralized digital ID. Instead of governments or corporations holding your identity data in their databases, you hold it yourself in a cryptographic wallet. You prove who you are without surrendering control.

The core idea: decentralized identifiers and verifiable credentials, often built on blockchain or distributed ledgers, that let you prove claims about yourself (age, credentials, citizenship) without a central authority validating everything. No single database to hack. No central switch to flip off your identity. No gatekeeper with ultimate power.

This isn’t vaporware. The technology works. Projects are implementing it right now.

But—and this is critical—technology alone doesn’t guarantee freedom. Even a decentralized identity system can be captured and turned into a control mechanism if it’s implemented wrong.

This is where most people stop thinking. They assume “open source = good” and move on. But the devil is in the details, specifically, in the license.

Why License Choice Is Everything

Open source doesn’t mean free from control. It just means you can see the code.

What matters is what people can DO with that code.

There are two types of open source licenses:

Permissive Licenses (MIT, Apache, BSD)

These say: “Here’s the code, do whatever you want. Just credit us.”

Sounds great, right? Maximum freedom?

Wrong.

Permissive licenses give freedom to developers, not users. A government or corporation can take MIT-licensed code, add their own proprietary layers, lock it down, and now you have a closed system built on open foundations.

Your SSI project becomes their surveillance platform. You gave them the keys to build the prison.

Copyleft Licenses (GPL, AGPL)

These say: “Use this code freely, but if you distribute it or offer it as a service, you must keep it open under the same terms.”

This is reciprocity, not restriction. You can use GPL code for anything—including commercially, including in government systems—but you cannot close it off. If you build on it, your version must also be free.

This prevents capture.

If a government adopts GPL-licensed identity software, they must publish their code. If a corporation tries to build a proprietary service on it, they must keep it open. The community can audit it. Users can fork it. No one can monopolize it.

GPLv3 vs AGPL: The Real Protection

Not all copyleft licenses are equal. The GPL family has evolved to close specific loopholes.

GPLv3 (GNU General Public License version 3) prevents “tivoization”—where a company uses open source code but locks the device so you can’t run modified versions. If a government issues you a digital ID card with GPLv3 software, they must give you the ability to modify and run your own version. No cryptographic locks. No “you can see the code but not use your version.”

This is crucial: it means the state cannot technically enforce that only their approved version runs.

AGPLv3 (Affero GPL version 3) goes further. It closes the “network loophole.” If someone runs modified AGPL code on a server and offers it as a service (think: national ID verification system), they must provide the source code to users who interact with it.

This means a government can’t deploy a secret, modified version of your SSI system in the cloud. If they use AGPL code and offer it as a service, the public gets the source.

For a digital identity system that will inevitably involve both client apps and server infrastructure, AGPL is the strongest protection against the system being captured for surveillance.

Why This Matters More Than You Think

Some people say GPL is “restrictive” because it requires sharing modifications. But ask yourself: who’s complaining?

It’s the actors who want to take community work, close it off, and monetize it without giving back. Those are exactly the actors we want to keep away from identity infrastructure.

AGPL prevents Big Tech from exploiting open source projects. It prevents governments from building secret surveillance systems on community code. It keeps the playing field level.

Yes, this might slow adoption by some entities. That’s the point. We don’t want entities that require hidden control.

Building the Parallel System

Here’s the practical reality: digital ID is coming. You can’t vote it away. But you can build an alternative that governments and corporations cannot co-opt.

A parallel identity system built on:

  • Decentralized architecture (self-sovereign identity)
  • Open source code (transparency and auditability)
  • Copyleft licensing (AGPL to prevent capture)
  • User control (you hold your keys, your data, your identity)

This isn’t about convincing governments to be nice. It’s about making them irrelevant.

When people have access to identity infrastructure they actually control, the state system becomes just one option among many—and not a very appealing one.

What You Can Do

If you’re a developer: choose AGPL for any identity or privacy infrastructure you build. Don’t make it easy for the system to co-opt your work.

If you run a business: support and adopt self-sovereign identity solutions. Create demand for alternatives.

If you’re in crypto or the parallel economy: this is infrastructure you need. Digital identity that doesn’t rely on state permission is foundational for everything else you’re building.

And if you need help building it: this is what I do. I design infrastructure for people who can’t afford to trust centralized systems. Privacy-hardened servers. Self-hosted alternatives. Systems built with AGPL protection.

The control grid is being built right now. But the freedom grid can be built faster—if we make the right technical decisions and refuse to compromise on the licenses that protect our work from capture.

The choice isn’t between convenience and freedom. It’s between their system and ours.

Let’s build ours.