On humans.json (I think it's pretty nifty either way)

Published Mar 9, 2026

Tags: humanity ai programming praise gpg

Honestly, this post isn’t anything special, I mostly just wanted to let out a couple of thoughts to let people know I’m not dead. The subject of today’s article is human.json and the thoughts of other humans (or they’re supposedly humans) on the Lobsters thread about this idea, in other words, I’ve basically just written a blog entry with a lot of it being based on a Reddit-like thread. Feel free to skip this post in your reading leisure, but if you choose to read on, then you might want to read the first two links above first! They provide important context!

Anyways, human.json is a pretty nifty idea! It reminds me of the Web of Trust idea in the GnuPG days, though the obvious difference between these two concepts is their purpose and the foundation they’re built upon. GnuPG relies on cryptography as a foundation for its web, whereas human.json just uses plain-old URLs.

When you make your own GnuPG key, you have no certifications and no people vouching for your existence. But then, you visit a couple of key signing parties to actually let people know you’re real. Your humanity is vouched by other humans, and eventually this entire web will extend to people we know are 100% humans which means that everyone else, by proxy, is also a human.

The main point of the GnuPG’s web of trust isn’t to verify you humanity, no, it’s to verify your identity, that you’re the one specific human you say you are on your key. If you’re gonna go out and verify other people’s keys, as well as get your own key verified, then you’re expected to use your real name on your GnuPG keys. You’re also expected to carry an ID of some sorts, such as a drivers license, which will verify that this is actually you and not someone else.

Your key then contains every connection you’ve had with other people, even for a brief second, and all their connections too can be traced back to one root source. Even worse is that cryptography keys, and every person they’ve ever vouched, can be uploaded to “key servers” which does have some practical benefits but it ensures that everyone’s keys and connections are all on that one public server. So it’s so much easier to scrape, download and analyze.

In other words, it’s a self-imposed mass surveillance network, and I’m not so keen on that idea…

“So, you hate human.json?” No, actually.

I think it’s neat, and as discussed previously, the main difference between these two projects is their purpose and the foundation they’re built upon. The purpose of human.json isn’t to verify the identity of people and build it into one massive, queryable network. It’s to verify the humanity of a person, not that they’re a specific human being. Not just that, but since human.json is built around each author hosting their own version of human.json on their own silo, it’s a lot more difficult to crawl this network. Compare that to GnuPG’s key server concept, which is way easier to scrape since you only need to scrape a handful of key servers to effectively get all the keys in the network.

So! human.json gets a thumbs up for me, and I am currently considering adopting it since I think it’s such a neat little thing. Anyway, keep in mind that this project does have some flaws, such as disclosing that you are a human. (After all that is the point of it) but which can lead to AI bots crawling your site for training data. Read the rest of this post for more, but ultimately, whether or not you use this system is up to you, don’t let yourself be swayed by shouting and come to your own conclusion!

So, what was the Internet’s reaction to this?

We’re ignoring mainstream social media such as Twitter, because that’s an entire anti-social nightmare. I’m also ignoring Hacker News, because frankly I’ve always had a grudge with the awful amounts of AI being pushed on that site. This entire post was meant to be quick, dirty and easy to write, so I’ll just be focusing on that Lobsters thread mentioned at the very top.

Anyway, I’m gonna be highlighting a couple of comments and writing out critiques or additional thoughts. I’ll be ignoring comments that I don’t really care about. If a comment has already decent replies, at time of writing this blog post at least, then I won’t respond to it either. Here we go!

Several people outlined that this doesn’t actually ensure high quality content:

“AI-generated content is often plausible sounding but wrong.” (Quoting the repository)

This, of course, is true of masses of human generated content, too, which is why we have the system of citations and primary sources.

The commenter outlines the system of citations by themselves as an alternative, but I think this is missing the point of human.json. There was already a lot of awful writing by awful, but real people. Think about the floods of typo-filled messages celebrities get from fans or the awful dodgy reasoning and arguing in bad faith that used to happen (and still is happening) on Twitter before 2022.

This system is not there to guarantee high quality writing, it’s so incomplete for that purpose. It’s only there to verify that the stuff you’re reading was, in fact, written by a human. Many other commenters replied to this comment outlining the importance of knowing that a real human being is behind the thoughts you see, and I think this is valuable too! I don’t wanna spend my time reading ChatGPT output, when I can just sign onto ChatGPT and get that for free, so we’ll need systems like this for people to vouch for their humanity.

Anyways, moving on, this comment has lots of excellent criticism, I will try to give my perspective on the first and last points of it. Starting from the first:

If you’re worried about trying to identify low quality AI-content farms, those places are already using deceptive practices to attract eyeballs and so why wouldn’t they just lie in their human.json file?

I think this commenter has a point, but they’ve misunderstood human.json as to mean that they can choose who they’re vouched by, the commenter might’ve misread the <link rel=... or the structure of the human.json file itself to think that it’s basically just a meta tag disclosing who the site is vouched by, and that you can just fill with it with as many sites as you want to cheat the system into thinking you’re a human. Basically keyword stuffing in a nutshell.

This is obviously wrong, you can vouch as many people as you want, but you can only be vouched by another site. You can’t disclose your own “vouchers” in the human.json file, a user must actually trust someone who trusts your site (even down the line eventually).

But I think this commenter did actually point out a valid weak spot. Spammers can just buy as many domains as they wish and vouch for each other, though this does mean that a user has to intentionally trust them or trust someone who does (even down the lines eventually). A trusted blogger might accidentally vouch for one spammy website which then vouches for all other spamsites out there, and whoops! People now read AI trash assuming it’s safe! There is a limit on how deep the connection can go, so it mitigates this partially, but it’s still a problem.

The only real solution as of now is to just be mindful of who you trust, but it’s a fragile thing too, because websites can expire and be bought up by other spam tsunamis who then abuse the decaying link to gain trust. Link rot is especially problematic, and the decline of blogs shows just how vulnerable a website is to all sorts of things: Rising costs, lack of passion, in worses cases even death of the author… It’s kinda depressing. I still believe in the value of this proposal, since there’s no technical way to stop link rot or stop people from vouching for trash sites, those are social problems first and foremost. It’s the Evil bit all over again if you try to come up with a technical solution to a social problem.

If you’re just trying to reward human authors who eschew AI generators, then that’s a fine goal, but I’m not sure a human.json file is the best way to do that

This is what I mentioned earlier, and this is what inspired me to actually write this post. Several commenters did point out that an AI vendor can just abuse the trust mechanisms to know effectively what is a human, and thus download their writings as training data. Now, I post so infrequently that any AI vendor relying on me for training data will go bankrupt in the time they’ve sat on their hands and not distributed a product. But a real tragedy of the commons scenario can occur if enough people pick this system up, because then AI vendors will have access to an indefinite stream of human content they can train on. It’s a slow stream, but it’s a stream nonetheless.

As for me, I don’t really care. I’ll keep looking into this despite the problems it has, because I beieve it’s extremely valuable.

Ok actually wait, can we bring key signing parties back, but adapt it for this? A cozy party for humans to let other humans know about their blogs wouldn’t be so bad! Ses!

Oh and yes, this is my post for Miku Day 2026. Have fun.