> 1) What are the limits of what we can achieve? I'm thinking that
> after the first submission occurs, if we can view it, then we know
> that person's results and they are not anonymous since we can tell
> that everyone else hasn't filled out the survey. And by induction,
> this applies to every new submission. Can we do better?

There are a number of papers and works on de-anonymizing data. Do some
searching.

The bottom line is that either you trust the people doing the survey to protect
the respondents, or you don't. If they do not actively protect the respondents,
there's no anonymity no matter what you do.

> 2) How much can we achieve with crypto?

Not nearly as much as you think.

> 3) How much guarantee can we give the end user, who may not write the
> client software himself? This is similar to a problem in e-voting.

I have to blink with a bit of incredulity at this statement, particularly the
phrase, "... who may not write the client software himself." This seems to
imply that you think that writing the software yourself is either necessary or
sufficient. For the necessary part, I'll say that if security requires only
writing software you write yourself, then it's all over, just hang it up now.
Even people who can (like you and me) have better things to do with their time.
Saying that people have to write their own software is saying you want to end
innovation. It's like saying that we'll make do with living in caves; not
precisely that, but very like it. As for the sufficiency part, the major
problem with that is that the standards one needs to interoperate are the major
threat.

Any philosophy of security that limits the user to software they write
themselves not only makes security an elite activity only done by the very,
very few, but limits the elite to only the activities they care enough about to
actually write the software.

Lastly, let's also note that you and I have each assumed that said software
will be bug-free. This may be overly simplistic.

Jon

All the cryptography in the world isn't going to protect survey anonymity if
the
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography