Patron Self Registration form needs captcha

Bug #1821093 reported by Blake GH
This bug affects 22 people
Affects: Evergreen
Status: Confirmed
Importance: Medium
Assigned to: Unassigned

Bug Description

EG 3.1.10

We are seeing a volume of spam submissions into this form. We would like the internet to knock it off! Captcha or something like Captcha seems like the obvious choice.

To be clear:

/eg/opac/register

Tags: opac patron
Meg Stroup (mstroup) wrote :

Can confirm that South Carolina State Library (part of SCLENDS) has also experienced spam submissions. Something Captcha-esque would be helpful.

Evergreen 3.1.10, Chrome.

Changed in evergreen:
status: New → Confirmed
tags: added: opac patron
Meg Stroup (mstroup)
tags: added: wishlist
Heather Lindskold (heatherlindskold) wrote :

Here is an example of how this impacts SPARK libraries - tons of 'junk' data in patron self-registration.

Carrie Cleary (ccleary.pails) wrote :

Problems with useless data in the form are reported frequently by PaILS Members using SPARK Support. Our response is to send them to this bug.

There may be locations who opt to stop using the feature if we do not address this.

Jane Sandberg (sandbergja) wrote :

Just a note that, when implemented, libraries must be able to enable or disable the CAPTCHA on this form (maybe through a library setting). CAPTCHAs have serious, intrinsic accessibility issues: https://www.w3.org/TR/turingtest/#the-accessibility-challenge

WebAIM has a list of anti-spam techniques without so many accessibility drawbacks: https://webaim.org/blog/spam_free_accessible_forms/ -- maybe some of these could be useful too.

Changed in evergreen:
importance: Undecided → Medium
Lindsay Stratton (lstratton) wrote :

Westchester libraries also report concerns. We would definitely like to see some kind of "are you human" check.

Blake GH (bmagic) wrote :

Jane - that article captivated me for more than a half hour! Wow! I am left with no solution. It seems that it's a catch-22.

But I love the ideas presented here: https://webaim.org/blog/spam_free_accessible_forms/

For three reasons:

1. We can implement most of these in Evergreen.
2. We don't need to ask the system administrators to subscribe to a third party CAPTCHA product.
3. Most of these provide accessibility solutions, though not foolproof.

I think that if we employ two or three of these things on this page, we will see a dramatic drop in spam submissions!

Reading that makes me want to code something right away!

PS. I was considering a "roll your own" CAPTCHA. Like this example:

<label for="cap">Please type the name of the library for which you are registering. The exact spelling is shown to you in the dropdown menu above.</label>
<input id="cap" name="cap" type="text" />
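
A server-side check for the library-name challenge sketched in the comment above, with the per-library on/off switch requested earlier in the thread. This is an added example, not code from the thread or from Evergreen; the `library` field name, the settings table, the sample library names and the case- and whitespace-insensitive matching are all assumptions.

```python
import unicodedata

# Constructed sample data: library id -> name exactly as shown in the dropdown.
LIBRARIES = {
    "4": "Example Branch Library",
    "5": "Sample County Bookmobile",
}

# Hypothetical per-library switch standing in for the library setting
# requested in the thread. A library missing from this table keeps the
# challenge enabled, so a configuration gap never silently turns it off.
CHALLENGE_ENABLED = {"4": True, "5": False}


def normalize(text):
    """Fold Unicode form, case and whitespace so harmless typing
    differences (extra spaces, capitals) do not fail a real person."""
    text = unicodedata.normalize("NFKC", text or "")
    return " ".join(text.casefold().split())


def check_registration(form):
    """Validate one submitted form (a dict of field name -> value).

    Returns (accepted, reason). The expected answer is looked up on the
    server from the selected library id; nothing the client sends is
    trusted as the "correct" answer.
    """
    lib_id = form.get("library", "")  # hypothetical dropdown field name
    if lib_id not in LIBRARIES:
        return False, "unknown library"
    if not CHALLENGE_ENABLED.get(lib_id, True):
        return True, "challenge disabled for this library"
    expected = normalize(LIBRARIES[lib_id])
    supplied = normalize(form.get("cap", ""))  # "cap" is the field from the comment
    if supplied and supplied == expected:
        return True, "challenge passed"
    return False, "challenge failed"


if __name__ == "__main__":
    # Constructed submissions: a real patron, a spam post, an opted-out library.
    for sample in (
        {"library": "4", "cap": "  example branch   LIBRARY "},
        {"library": "4", "cap": "buy cheap pills"},
        {"library": "5"},
    ):
        print(sample, "->", check_registration(sample))
```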

tags: removed: wishlist
Elizabeth Davis (elidavis) wrote :

This continues to be an issue for SPARK/PaILS in 3.9.1.

Jane Sandberg (sandbergja) wrote :

Another note that we have a "roll your own" CAPTCHA in the record emailer, consisting of a little math problem. It has an existing bitesize accessibility bug (see bug 2015141), but it would be nice to re-use that if possible.

Stephanie Leary (stephanieleary) wrote :

Yet another note: WCAG 2.2, which is not out yet but should be approved soon-ish, specifies that math quizzes will not pass level AA unless there is another alternative.

See
https://w3c.github.io/wcag/guidelines/22/#accessible-authentication-minimum for the requirement language and
https://www.w3.org/WAI/WCAG22/Understanding/accessible-authentication for the discussion.

tags: added: bug2-3
tags: removed: bug2-3