> The DOOM Captcha is just using html/css/js so it's easy for bots to crack with simple DOM querying/manipulation in an automated browser.
I mean, if you're looking at it at that level, it's just giving a "didn't pass" callback. A bad actor could just ignore that, and not care about it.
Without some sort of server side verification of the result, it doesn't really matter how difficult it is to script through the game itself. Even some crazy hard game in canvas isn't any more difficult for a bot to script around, if the server doesn't have any way of knowing anyone actually jumped through the hoop.
I mean, if you're looking at it at that level, it's just giving a "didn't pass" callback. A bad actor could just ignore that, and not care about it.
Without some sort of server side verification of the result, it doesn't really matter how difficult it is to script through the game itself. Even some crazy hard game in canvas isn't any more difficult for a bot to script around, if the server doesn't have any way of knowing anyone actually jumped through the hoop.