another sketch of anonymization protocol ... without encryption!
Do you think it is demonstrable or not that a data collection protocol as outlined here cannot theoretically allow anonymization ?
It will be just as constructive to demonstrate a possible theoretical impossibility, as to discover trick or solutions by which what may seem unachievable could still find a way …
To quote in short, here is another sketch of private protocol (to avoid any legal complications), aimed at avoiding any encryption : (think USB stick - Raspberry Pi without Internet connection, without database and without block-chain!)
Kdo-contacts that meet from neighbourhood to neighbourhood exchange throughout the year (to fix ideas) , using USB stick, tables coupling (id-strawberry; its weighting);
these tables are stamped (dated and 'signed') by an anonymous tracking, and must be transmitted without any change to any accessible contact that does not already have it.
Each of these tables can be a fake!
However, when a participant-Kdo feels that he and his 2 or 3 direct contacts have amassed enough tables to 'scramble the tracks', he can then transmit an anonymous token indicating as non-fake the identity of his own table (his direct-Kdo-contacts will not know if this token comes from him or if he only transmits the validation token from another participant).
Does that sound 'playable' to you? (note that those who would not play the game by not transmitting the info to all their close contacts-Kdo ... could be quickly unmasked by the redundancy of receptions ...)