Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics

Dashboard
Notifications
Mark all as read
Q&A

Is there a problem in making Captcha an HTML builtin with an attribute setting which type of Captcha

+0
−1

Many web login and contact form features could be set as standard HTML builtins without the need to develop and backend and/or (non HTML) frontend for them, for example:

  • Select field
  • Input Date field
  • Input Time field

In that StackExchange post I understood from one of the commenters that Captcha can't be such a standard feature, say by W3C:

Because this has absolutely nothing to do with HTML and this is not a coding standard or approach

I don't know why the commenter wrote that.


Is there a problem making Captchas a standard HTML builtin with attributes to set Captcha type? I mean, especially if it used just once per webpage, this can be nice, isn't it?

Why does this post require moderator attention?
You might want to add some details to your flag.
Why should this post be closed?

0 comments

1 answer

+4
−0

As the comments in that thread mention, Captcha is a service, not mere software. The distinction is that Captcha are in an arms race with spammers, and must continually evolve to remain effective.

In particular, many popular Captcha approaches have been made obsolete by advances in AI: The "distorted text as image" trick was made largely obsolete by advances in text recognition algorithms, and the "identify this image" trick will likely be made obsolete in the near future by innovations in image recognition fueled by the development of self driving cars (in fact, training AI systems is probably the reason Google offers reCAPTCHA as a service in the first place).

This continued evolution makes Captcha standardization difficult:

  • If W3C standardizes an implementation, it will require browser vendors to participate in this arms race, which they have no incentive to do. In addition, if the standardized approach becomes insecure, W3C and all browser vendors would need to fix that quickly, but the W3C standardization process often takes years, which is a wholly unsuitable time period for fixing security issues.
  • If W3C did not standardize the implementation, browsers would offer radically different levels of security. Since the website wishing to employ a Captcha must trust that security, it won't want to buy a pig in a poke, so will likely not use the browser feature, but continue to use Captcha services of known quality, making the standardized Captcha feature useless.

The only benefit standardization could possible provide is to define a uniform interface for embedding Captcha provided by third parties into a website, but since embedding Captchas is trivial with the means HTML already provides, this wouldn't add significant value.

So the key difference between Captchas and a date input is that Captchas must evolve alongside the state of the art in AI research, but date inputs can remain as they are for ever.

And by the way, even the standardization of date inputs by W3C was not really successful, because the browser implementations are of such varying quality that many web developers prefer custom JavaScript controls for consistency of user experience. For instance, MDN writes:

At the moment, the best way to deal with dates in forms in a cross-browser way is to have the user enter the day, month, and year in separate controls, or to use a JavaScript library such as jQuery date picker.

Why does this post require moderator attention?
You might want to add some details to your flag.

0 comments

Sign up to answer this question »