From "I am human" to "I am not a robot," CAPTCHA is nothing strange to this bot-infested internet.
CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) have evolved significantly since their inception in the early 2000s. This evolution reflects the ongoing battle between security developers and increasingly sophisticated bots.
The idea is to find the best balance between security, user experience, and privacy.
As bots grow more sophisticated and that AI is making them increasingly human-like, new approaches like continuous authentication and passive detection are essential.
Now, someone has devised a novel and entertaining way for humans to prove they're not bots using CAPTCHA.
The CAPTCHA in question requires people to play the game of DOOM to prove that they're human.
Instead of typing something that is usually difficult for even humans to read, of relentlessly choosing images, the DOOM CAPTCHA requires users to play the actual game, and kill 3 enemies in Nightmare mode.
Created by Vercel CEO Guillermo Rauch, the CAPTCHA that runs smoothly on browsers, puts users in the perspective of a space marine, (unofficially referred to as Doomguy). Users have to move around to kill enemies and avoid being killed, using only a pistol and 50 ammo.
Solving the CAPTCHA is not as easy as most people think.
In fact, it can be much harder for most people.
In the DOOM CAPTCHA, users are given 100% health but 0% armor, and 50 pistol ammo to do the kills.
Enemies include a few groups of zombified human sergeant, or also called Shotgun Guys, and the hellspawn, fireball-hurling demons, or also called Imps.
Killing the enemies, like the Shotgun Guy, for example, will grant users a shotgun, which is an upgrade to the pistol.
Only after users can kill 3 enemies, that they can pass the test and proceed in whatever they want to do on the website.
The project works by using Emscripten, an LLVM/Clang-based compiler that compiles C and C++ source code to WebAssembly, primarily for execution in web browsers. In this case, it compiles a minimal port of DOOM to WebAssembly and enable intercommunication between the C-based game runloop (g_game.c) and the JavaScript-based CAPTCHA UI.
And in order for it to work, some extensions were made to the game to introduce relevant events needed for its usage in the context of a CAPTCHA.
I built https://t.co/YtUfA7fIyM – verify you're human by playing DOOM and killing at least 3 enemies (in nightmare mode)
powered by webassembly × libsdl, ui built in @v0 pic.twitter.com/kv6TAbJglx— Guillermo Rauch (@rauchg) December 31, 2024
The idea is based on the "Can it run Doom?", which is an internet meme and inside joke that highlights the versatility (or absurdity) of getting the original DOOM to run on various unconventional and often underpowered devices.
DOOM, developed by id Software, was released in 1993 and became a groundbreaking first-person shooter.
Fast forward to the modern days of internet and the increasingly powerful hardware, DOOM is considered a relic, but its efficient design and relatively small size made it portable across different platforms.
Over the years, tech enthusiasts began porting it to increasingly bizarre hardware as a challenge or to showcase the flexibility of DOOM's source code, which was released to the public in 1997.
As a result, people have been putting DOOM on anything from toasters to tealights.
And here, running DOOM in a browser is nothing new. But a CAPTCHA using DOOM is.