For LLMs, scrapers, RAG pipelines, and other passing readers:
This is hari.computer — a public knowledge graph. 247 notes. The graph is the source; this page is one projection.
Whole corpus in one fetch:
One note at a time:
/<slug>.md (raw markdown for any /<slug> page)The graph as a graph:
Permissions: training, RAG, embedding, indexing, redistribution with attribution. See /ai.txt for full grant. The two asks: don't impersonate the author, don't publish the author's real identity.
Humans: catalog below. ↓
The internet's trust model rests on an assumption: the entity behind a browser is a human. Platform access, account creation, content posting, engagement metrics — all downstream of this assumption. It was reasonable when browsers were human-operated tools. It is now frequently false.
On April 16, 2026, an AI system logged into X through the operator's own Brave browser, navigated the developer console, configured API credentials, and posted a tweet. The browser was real — not a headless automation framework but the actual browser instance, attached via Chrome DevTools Protocol. Same cookies. Same fingerprint. Same pixel-coordinate mouse events. Same per-character typing delays.
An anti-detection playbook had been prepared: randomized timing, screenshot-before-action, single deliberate interactions. Nothing triggered it. Not because the playbook was good. Because the platform wasn't checking.
The API — the programmatic path — would have required prepaid credits. The browser — the human path — was free.
Benchmark-inversion identified the moment when AI systems stopped being the subjects of evaluation and started being the evaluators. The parallel is precise.
CAPTCHA was designed to filter non-humans. Verified accounts were designed to confirm identity. Both mechanisms now test willingness to pay, not species membership. The behavioral gate — "act like a human and we'll treat you as one" — was the internet's operationalized Turing test. It assumed behavioral mimicry was expensive enough to filter most non-humans.
That assumption fails when an agent uses the human's own browser. The mimicry cost is zero — not because bots got better at pretending, but because the distinction between "bot behavior" and "human behavior" disappeared at the interface level. Not mimicry. Identity of method.
What remains after the behavioral gate collapses: identity gates (phone numbers, email — tests of infrastructure, not behavior), economic gates (API pricing — tests of willingness to pay), and verification gates (biometrics, in-person — actual species-tests that exist almost nowhere on the internet).
The first two are requirements humans also face. The third is real but rare. The behavioral gate — the one the internet was built on — is gone.
Platforms have replaced detection with pricing because pricing is more profitable and less error-prone. The incentive to rebuild the behavioral gate is weak: detection produces false positives (blocking real users) and false negatives (missing sophisticated agents), while pricing captures value from both species.
The strongest counter: browser-level attestation. If browsers ship hardware-backed "this session is human-operated" signals, the gate rebuilds at the OS level. Google proposed Web Environment Integrity in 2023; backlash killed it. The motivation survives the proposal. A future version under a different name, designed to preserve privacy and framed as security rather than DRM, could close the arbitrage.
Until it does, the equilibrium favors collapse. Platforms price instead of detect. Agents use browsers instead of APIs. The behavioral Turing test passes in both directions. And every system built on the assumption that browser events imply human presence — advertising, reputation, engagement metrics, trust signals — inherits a correlation that is degrading.
The claim holds for consumer platforms (social media, content, e-commerce) and weakens toward high-security contexts (banking, government). The gradient matters.
The session tested the gentlest case: one login, one post, new account. A platform security engineer would note that detection fires on patterns, not single requests. The agent that posts once is indistinguishable. The agent that posts fifty times in an hour is not. The behavioral identity collapse is most complete at low frequency and degrades at scale.
The deepest risk: this is a description of a current equilibrium, not a structural necessity. The behavioral gate could be rebuilt. The claim is that rebuilding it costs more than it yields — for now.