Adding 'human.json' support to this blog

Taking part in an experiment to build a more human web

2026-03-27

A little while ago I heard about human.json. It’s an initiative and protocol to build a more human-authored web.

The idea is simple: you host a human.json file on your website. This file is a self-reporting claim that your website does not contain wholly AI-generated content. The file also allows you to ‘vouch’ for other websites as similarly human. The result is a network of sites, each vouching for one-another, in a web of trust. Readers can elect to trust one or more websites and a corresponding browser extension uses this information to make a judgement about how much other sites may be trusted as human-authored, based on the number of ‘hops’ from your original trusted site. As an extra plus, sites that join the network end up being easier to discover through these hops.

Implementing support

The protocol is disarmingly simple. For a basic setup, your website should:

  1. Include a <link rel = "human-json" href="/human.json"> in the <head> tag of each page’s HTML.

    (technically, human.json can be served at any path - but a /human.json at the site root is conventional)

  2. Serve a /human.json file containing JSON data that follows the human.json format. Additionally, the file should be served with the following response headers:

    • content-type: application/json
    • access-control-allow-origin: *

    The latter is used to give a user’s browser extension permission to read the contents of the file.

I recommend installing the browser extension to test your website. Do note that you can easily test it locally before deploying by setting the url field in your human.json to whatever local URL you’re using (in my case, that was localhost:3000); this will allow the browser extension to recognise the local copy as ‘participating’ in the protocol.

The format

At time of writing, this is what my human.json looks like:

{
    "version": "0.1.1",
    "url": "https://blog.jsbarretto.com",
    "vouches": [
        {
            "url": "https://neilzone.co.uk/",
            "vouched_at": "2026-03-27"
        },
        {
            "url": "https://wapl.es/",
            "vouched_at": "2026-03-27"
        }
    ]
}

The format is fairly self-explanatory. More information can be found here.

Thoughts about the protocol

Topics

I’d like to see the ability to add ‘vouch topics’ to clarify exactly what is being vouched for. While the protocol spec seems to imply that light post-process editing with LLMs is still considered ‘human-authored’, I can imagine this becoming increasingly unclear over time as the technology evolves. Knowing whether intermediate hops have the same understanding of what ‘human-authored’ means to me seems important.

Scale

A few others have pointing out that over time scale might become a problem. Even if every site only vouches for a handful of others, the six degrees of separation principle demonstrates that the search space required to determine the fewest vouch hops between two sites has a habit of exploding. That said, I’m tempted to lump this into the ‘imaginary scaling issues’ category that junior programmers tend to hyperventilate about a lot: we have fast computers for a reason and a good cache is the best cure for scary big-O.

Attack resistance

It is an imperfect system: a vouch implies ‘reasonable confidence’, and each successive hop between one of your implicitly trusted sites and the target site makes the human authorship claim weaker. That weakening is also what makes it resistant to attack: a malicious user might be able to vouch for themselves and their ‘minions’, but gaining entry into the wider network would require a member of that network vouching for them.

As the protocol becomes more popular, the likelihood of a malicious user trying to feign trust grows. I expect that over time a more important metric than ‘is there a hop path to this site?’ will become ‘how many unique hop paths are there to this site?’. That may result in retaining the ability to trust sites, but it may also push smaller sites that can’t rack up enough mutual vouches out of the network. Only time will tell.

Conclusion

I’m not sure how popular human.json will become. Already I can see, via the browser extension, that there are an impressive number of sites that have elected to implement it. For now, I’m treating this as an experiment.

Thanks to @robida for coming up with the idea and specifying the protocol.