I'd argue recording anything at all, including whether I did it, breaks the 'completely anonymous' contract.
Then we're left with...mostly anonymous. But at that point it's a black box. It could be done how you describe. Or it could be attaching my name to the survey and emailing the CEO directly. I'd never know the difference.
No implementation is something like email is primary key, url is per user.
going to page and submitting will do two things. the table Request will be updated and marked submitted. the table Response will be populated with only the data.
It seems like the disagreement is between what makes data anonymous.
If I write a letter and don't sign it. It's anonymous. Someone could use a corpus of my text and infer I wrote it. That doesn't mean I didn't write anonymously.
I could make 2 updates to 2 tables and then end result would be that having both tables wouldn't let you correlated the data with submitters.
Yes if you control every aspect of the process you can lie to people. Thats not the point. If you think someone is lying to you to harm you why would you interact with them?
I work for a company that actually runs surveys, and believe me: we don't know who the respondents are. They get a link with a randomly generated id, and that's it. For us, even their email address is hidden, because respondents register to panel at another company, which deletes this information three months after closing the survey, which usually runs for a few days. I can't vouch for the other company, of course, but I do believe them. Sometimes it would be really nice to know who these people are, because not only is non-response a problem, bad responses are an even greater problem, so we'd like to know who to exclude in advance.
Resending to tell me I hadn't done it yet was indication enough to me that it wasn't completely anonymous at all.
While the question doesn't mention anonymity specifically, I'm sure it remains a point in some percentages mind.