> It's entirely possible the survey is anonymous, but they can still see who hasn't responded.
Sure —- but then you know the exact answers of the last person to respond; it’s just the delta between the results before they responded and after, and you know who they are. So they’re fully de-anonymized. And of course that means you can de-anonymize the second-to-last respondent… and so on.
Cool, so it could be exploited by someone who makes a hard effort to exploit it (polling the answers and comparing them to the non-respondents, I guess?).
How many of these "executives" or "HR people" who contract these kinds of surveys actually have the a) time, b) interest, or c) acuity to perform this kind of exploit? Not many that I could think of.
The bar for exploiting this is high for non-technical people, and I don't think it's rational to conclude that it would be exploited in the majority of cases, much less a significant minority. I think the default usage of surveys like this is approximately: 1) come up with some questions, 2) put these into some survey software, 3) put in the employee email list, 4) blast everyone with a link and a deadline, then 5) check back in on the results when the deadline is near.
Ain't nobody got time to watch every result come in and do some computation to figure out everyone's exact answers. If that's what they were really after, they'd probably just remove the option to respond anonymously. There are far easier ways to achieve the same end than by some circuitous exploit, right?
Sure —- but then you know the exact answers of the last person to respond; it’s just the delta between the results before they responded and after, and you know who they are. So they’re fully de-anonymized. And of course that means you can de-anonymize the second-to-last respondent… and so on.