I recently paid a visit to a trade show where visitor registration was required. I was directed to a bank of tablet PCs, where I was asked to enter my personal details so that a visitor badge could be printed out.
When I started filling in the form, I noticed something concerning - as soon as I started typing in any single form field, it was being prefilled with the personal information of the people who had used the kiosk before me - first name, last name, company name, email addresses and phone numbers.
When I got back to work I shared my experiences on Slack, including the fact that our company name was in the list of prefill selections, and our security and compliance officer immediately replied:
I noticed the same thing! I’ll raise it this afternoon at their booth as a casual FYI
So how do you screw up something so simple?
So who’s fault is it? Turns out trade shows doesn’t run their own registration process - they outsource it to a specialist convention registration manager, who then use either their own bespoke software to colelct data, or licences a 3rd party product to do the job.
How to fix it
Getting the creator of the web form to add the
autocomplete attribute to form elements is one solution.
<input name="q" type="text" autocomplete="off"/>
But this is often ignored by browsers like Google Chrome which also supports ‘autofill’ between different web sites.
So you need to also ensure that autofill is disabled in the web browser being used to run the data collection form.
This example is for Google Chrome.
Cloud Four has an excellent piece on the difference between autocomplete and autofill titled Autofill: What web devs should know, but don’t.