There’s the feature for following user people. And specifying these in the profile (as graph data*).
Is this signed in any way? I couldn’t find a hash or something similar.

* (i.e. https://s3.amazonaws.com/grph/naval for naval.id)

No it currently is not signed. This graph file is going to be phased out and it will be replaced with a collection of short-lived certificates. The list of people you follow will be built up from a list of certs you’ve signed. The list of people who follow you will be built up from a list of certs signed by your followers (which you’ll cache near your profile).

Oh, sounds even better.

Then we have a fully decentralized WOT that’s even easy to use
Edit: And because it’s “short-lived”, it’s not that leaking like PGP does (with signatures that stay forever).