Patron Self Registration form needs captcha

Bug #1821093 reported by Blake GH on 2019-03-20
74
This bug affects 15 people
Affects Status Importance Assigned to Milestone
Evergreen
Medium
Unassigned

Bug Description

EG 3.1.10

We are seeing a volume of spam submission into this form. We would like the internet to knock it off! Captcha or something like Captcha seems like the obvious choice.

To be clear:

/eg/opac/register

Revision history for this message
Meg Stroup (mstroup) wrote :

Can confirm that South Carolina State Library (part of SCLENDS) has also experienced spam submissions. Something Captcha-esque would be helpful.

Evergreen 3.1.10, Chrome.

Changed in evergreen:
status: New → Confirmed
Jane Sandberg (sandbej) on 2019-04-13
tags: added: opac patron
Meg Stroup (mstroup) on 2019-09-13
tags: added: wishlist
Revision history for this message
Katie Greenleaf Martin (katiegmartin) wrote :

Here is an example of how this impacts SPARK libraries - tons of 'junk' data in patron self-registration.

Revision history for this message
Carrie Cleary (ccleary.pails) wrote :

Problems with useless data in the form are reported frequently by PaILS Members using SPARK Support. Our response is to send them to this bug.

There may be locations who opt to stop using the feature if we do not address this.

Revision history for this message
Jane Sandberg (sandbej) wrote :

Just a note that, when implemented, libraries must be able to enable or disable the CAPTCHA on this form (maybe through a library setting). CAPTCHAs have serious, intrinsic accessibility issues: https://www.w3.org/TR/turingtest/#the-accessibility-challenge

WebAIM has a list of anti-spam techniques without so many accessibility drawbacks: https://webaim.org/blog/spam_free_accessible_forms/ -- maybe some of these could be useful too.

Changed in evergreen:
importance: Undecided → Medium
Revision history for this message
Lindsay Stratton (lstratton) wrote :

Westchester libraries also report concerns. We would definitely like to see some kind of "are you human" check.

Revision history for this message
Blake GH (bmagic) wrote :

Jane - that article captivated me for more than a half hour! Wow! I am left with no solution. It seems that it's a catch 22.

But I love the ideas presented here: https://webaim.org/blog/spam_free_accessible_forms/

For three reasons:

1. We can implement most of these in Evergreen.
2. We don't need to ask the system administrators to subscribe to a third party CAPTCHA product.
3. Most of these provide accessibility solutions, though not foolproof.

I think that if we employ two or three of these things on this page, we will see a dramatic drop in spam submissions!

Reading that makes me want to code something right away!

PS. I was considering a "roll your own" CAPTCHA. Like this example:

<label for="cap">Please type the name of the library for which you are registering. The exact spelling is shown to you in the dropdown menu above</label>
<input name="cap" type="text" />

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers