Humans.txt (humanstxt.org)
171 points by skilled on Nov 25, 2022 | 66 comments


While it might be nice to claim authorship of a website you're proud of building, the main impact of adding this would be it'd provide an easy mechanism for bots and attackers to harvest data about the people and tech behind something on the internet. Knowing that "Name: Jimbob Smith" was on the team is incredibly useful to anyone who wants to phish access credentials.


Between the "About Us" / "Team" / ... company website pages and LinkedIn profiles, I'd wager a majority of white-collar employees already have much more than the contents of Humans.txt linking back to details of their employment


Yes but this is easily harvested. Ironically, by design this would make that far easier.

You could probably work out my mother's maiden name from Facebook, but I wouldn't make a SecurityQuestions.txt file and chuck it on websites I make.


Yes but social engineering doesn't really scale, does it? You need to craft each message manually and adapt it to each company. The name search might not be the most complex part


You would be surprised what people (in receptions in particular) sometimes let slide when you know the name and where some person is employed.


Yes but that's why I say it doesn't scale if you have to go there in person. So having an automated way of getting names is not particularly helpful. The hard and time-consuming part is going there in person or calling the company.



LinkedIn actually has very strong safeguards in place on their API to prevent such automated crawling.


Those "safeguards" are called Premium Business, Sales Navigator Core, Recruiter Lite and LinkedIn Learning ;-)


And all of those are abused heavily by debt collectors, investigators and many others.


Absolutely. Something that many people may forget or not realize is just how much of the Internet's traffic consists of bots - benevolent, malevolent, or benign. If you've ever made a machine's IP public and logged the IPv4 traffic, it's harrowing and sobering. The results of publicly available information on the Internet are outright terrifying if you are unfortunate enough to register a domain without WHOIS privacy protections through your registrar. The entire IPv4 space is constantly probed by bots and zombies for common vulnerabilities and data mining opportunities, and providing a humans.txt would only be serving any included information to bad agents on a silver platter. robots.txt is already a voluntary "standard", meaning that any agent accessing it must volunteer to respect it - providing more information to automated agents would certainly follow the same unspoken rule.

I think it's noble and fair for the people behind online content to wish to be recognized if they wish, but I would absolutely abstain from putting my name in any document like a humans.txt.


Indeed, we have pages on our site that are north of 95% bot traffic. And they're not junk or honeypot pages. The humans on this page often represent high-value prospects we seek to convert. B2B2C service.


I agree.

At my company we have a humans.txt that is not hosted in public and we only add first names to a list. So you kinda remember who was involved over the years.

I think that is a nice touch and has no privacy issues.


Yes, the security implications of this information are the first thing that came to my mind while reading the site.

At my current company, we received many phishing attempts trying to impersonate people from IT (including phone calls). LinkedIn, CrunchBase, Glassdoor, and others give you much more data about a company’s employees. But, ironically, leaving a humans.txt file makes things easier for bots.


exactly, best example I've seen:

https://abbey-decorators.co.uk/humans.txt


I don't see how this will be useful to humans (which it, as I understand, should).

If the site owner wants to publish who the people behind a site are, they can add that to an About or Team page which are also a lot easier to read, especially for non-tech people.

I think this "humans.txt" file will be mostly useful for robots collecting that information and running automated phishing attacks or other bad stuff.


It definitely sounds to me more like a doxxing.txt


Does this imply that the latest SPA monstrosity I had to ship could be tied back to me? No thanks!


My thoughts exactly - in that case, I want to be known as Alan Smithee (https://en.wikipedia.org/wiki/Alan_Smithee)...


Maybe we can also have a network.txt file, containing all 3rd party services that the website (both client and server?) will connect to.

Then you can decide up-front if you want to make use of a website, and block any outgoing calls that aren't mentioned in network.txt.

It's just an idea. The server-side part is hard to verify (especially for closed source software), of course.


That's actually a good idea and would make it easier to create GDPR solutions.

E.g. if an agency needs to create a new cookie banner, they could just look at the network.txt instead of having to call the client multiple times (one call won't be enough because most clients don't have any clue which 3rd party solutions they actually use).


I wrote down my idea of how this could look: https://github.com/CMiksche/network.txt


Quick look shows you’re limiting it to “data transmission” — but to me it should list all network connections, regardless of if data sent. If you’re limiting it to just data, I would just call it data.txt.


I was primarily thinking of a file which can be used for generating e.g. privacy policies and cookie banners.

I welcome PRs and issues - feel free to show me how you would structure it ;-)


Wow. I last updated my humans.txt[0] file many moons ago. It is one of those things you find the first time, jump on it, and then forget about it. LOL. I guess the same goes for security.txt[1]

[0] https://www.cyberciti.biz/humans.txt

[1] https://securitytxt.org/


The same often goes for security without the .txt too.


What's up with the linked Spotify playlist? I don't understand how a music playlist could be related, and the list itself mildly looks like it was composed as a joke to create sexual references through titles.


It's a publicly open collaborative playlist. Not sure why it's linked, maybe an experiment from the author?


My rule of thumb: I love web standards, but if some quirky format hasn't taken off over a decade after introduction, it's not worth implementing. Maybe someone can come up with something less prone to scraping under the .well-known umbrella.


    if some quirky format hasn't taken off over
    a decade after introduction, it's not worth
    implementing.

Like this hypertext thing, which was introduced in the 60s and still not used much in the 70s:

https://en.wikipedia.org/wiki/Hypertext


Apples and oranges?


mg is to the point but doesn't invalidate your personal opinion either. Exception, rule.



    > site:.com inurl:"humans.txt" "the humans responsible & colophon"

That yields just "About 139 results". But searching for

    inurl:humans.txt filetype:txt

[1] gives "About 2,030 results". Quite surprised seeing it somewhat adopted by Google and Netflix, but not exactly in the way proposed by the "standard".

https://www.google.com/humans.txt (Vague.)

https://www.netflix.com/humans.txt (Promotional misuse, probably.)

https://www.paulirish.com/humans.txt (Awww.)

[1] https://www.google.com/search?q=inurl:humans.txt+filetype:tx...


Looking at the examples, it seems that most companies use humans.txt as an Easter egg for curious people. The one from Medium is “fun” because the only contact info that they share is from people who reported security bugs: https://medium.com/humans.txt


> More often than not, the owners of the site don't like the authors signing it

They'll surely allow humans.txt!


The owners might never go to /humans.txt and never read the source code.


This is so stupid I don't even know where to start...


It somewhat reminds me of the history of video games.

Back "in the day" game programmers and others were seen as largely disposable labor and did not even have their names listed in any sort of credits. This is what led directly to the creation of Activision. A handful of programmers (in very small teams) were responsible for the large majority of Atari's sales, but were receiving relatively meager wages, and not even receiving credit for their products.

So these 4 programmers started a new company - Active Television - Activision, where the people building the products being used received credit, alongside better compensation for such. And today, 40 years later, Atari is Atari while Activision is Activision. Of course the irony being that Activision has gradually become another metaphorical Atari meaning 40 years from now there will undoubtedly be some new name in here, but such is the cyclical nature of everything in society.


Poe's law at work perhaps?


The /.well-known/ directory was created specifically to keep clutter like this out of the webroot. Please use it!


That was my first reaction too but it does kind of mess with it being a joke about /robots.txt, which is grandfathered in at the root. Also, /.well-known/ is not very human-friendly.


I thought it would be a text file for filtering out certain humans


… and ignored by most humans just as robots.txt is ignored by most robots.


Allow Leet Hax0rz

Deny Lame Fedz


Previous post:

Humans.txt, like robots.txt, but for humans. (on Jan 23, 2011 43 comments) : https://news.ycombinator.com/item?id=2131692


Top comment, still relevant 11+ years later

:shrug-emoji:


https://humanstxt.org/humans.txt

  /* SITE */
  Last update:2012/02/04


How about pets.txt? My cat contributes a lot to my wellbeing so it was a tremendous help while building a website, I am sure people would like to know it.



2 of 5 FAANG companies appear to implement humans.txt.

F: n/a

A: n/a

A: n/a

N: https://www.netflix.com/humans.txt

    |\  |\   |                                                       |   /|  /|
    |\  |\   |    +---------------------------------------------+    |   /|  /|
    |\  |\   |    |               .                             |    |   /|  /|
    |\  |\   |    |   *              _  _  _                    |    |   /|  /|
    |\  |\   |    |            |\ | |_  | |_ |  | \/      *     |    |   /|  /|
    |\  |\   |    |            | \| |_  | |  |_ | /\            |    |   /|  /|
    |\  |\   |    |       .                                     |    |   /|  /|
    |\  |\   |    |                                .            |    |   /|  /|
    |\  |\   |    |  .          .     STARRING           .      |    |   /|  /|
    |\  |\   |    |                                             |    |   /|  /|
    |\  |\   |    |         An all-star cast of talented        |    |   /|  /|
    |\  |\   |    |             designers & engineers           |    |   /|  /|
    |\  |\   |    |                                         *   |    |   /|  /|
    |\  |\   |    |    *                                        |    |   /|  /|
    |\  |\   |    |                   JOIN US!        .         |    |   /|  /|
    |\  |\   |    |         .                                   |    |   /|  /|
    |\  |\   |    |               jobs.netflix.com         .    |    |   /|  /|
    |\  |\   |    |     .                              .        |    |   /|  /|
    |\  |\   |    |                                             |    |   /|  /|
    |\  |\   |    +---------------------------------------------+    |   /|  /|
    |\  |\   |                                                       |   /|  /|
    |\  |\   |=======================================================|   /|  /|
    |\  |\__/                                                         \__/|  /|
    |__/         _                                                         \__|
    |          _[_]_   88     _      _              o     _      (_)          |
                ( )  s(  )s  ( ) /  ( )            -#-   ( )    =()
              .----. .----. .----. .----. .----. .----. .----. .----.
              |    | |    | |    | |    | |    | |    | |    | |    |
             _      _            __     _             __     _      _
            { }    [ ]          q  p  <( )>          (  )  ~( )~   ( )
          .----. .----. .----. .----. .----. .----. .----. .----. .----.
          |    | |    | |    | |    | |    | |    | |    | |    | |    |

G: https://www.google.com/humans.txt

  Google is built by a large team of engineers, designers, researchers, robots, and others in many different sites across the globe. It is updated continuously, and built with more tools and technologies than we can shake a stick at. If you'd like to help us out, see careers.google.com.


More like marketdroids.txt for these.


This sounds like an April Fool's RFC


Can we also have a lawyers.txt?


Opsec sent hugs. :'(


So like an about page but worse? I can't see benefits


An original human.txt page is fun.


It's cute and harmless to add if you're okay with getting more visibility/giving your developers more visibility


I know this is a play on robots.txt, but I always thought this should be people.txt.


This just doesn't make much sense. HTML files are much better than txt files because HTML allows for hyperlinks.


What possible useful purpose could this serve other than an ego stroke for the people who list themselves in it?

Anyway a variation on this ego-stroke existed back in the day, the webmaster! No one emailed the webmaster back then either (despite his/her multiple pleas on every page) so I can't fathom how anyone thinks this sort of silliness will take off.

Good on them though, but I can't help but feel not enough people liked or subscribed to their YouTube channel.


I use my humans.txt to give credit to the people who influenced me over the years. https://jasonmurray.org/humans.txt - not everyone needs their ego stroked, even if they do who cares.


[flagged]


> The this get one file, one bit if representation

I read this part 3 times, but I think it is either missing some punctuation or some words (or both)...


I thought it made the comment look like it was posted by a bot, in an attempt to troll (some) humans into turning against humans.txt, leaving robots.txt as the "winner".

Not knowing whether this was intended by a human ironically, or actually posted by a bot, or is just the result of someone not getting enough sleep and/or a stray cat on the keyboard, was part of the intrigue.


I'm not even sure what that comment is about, maybe it was posted on the wrong article?


Please don't try to turn this into a culture war thing when it isn't, even as a joke.



