Untitled
How It Works
Veranon uses zero-knowledge cryptography to enable truly anonymous feedback that organizations can trust. Unlike traditional anonymous surveys that ask you to trust the administrator won't look, Veranon makes deanonymization technically impossible.
The Core Problem
Traditional anonymous feedback systems face a fundamental dilemma:
- If you can verify identity, you lose anonymity
- If you preserve anonymity, you can't verify authenticity
Most "anonymous" tools simply separate your identity from your responses in the database. But the server still knows you submitted something at a particular time. Metadata leaks. Logs exist. A determined administrator, a data breach, or a legal subpoena could connect the dots.
Veranon breaks that connection entirely—not through policy, but through mathematics.
How Veranon Works in Practice
For Survey Administrators
1. Create Your Survey
Set up your survey with questions and specify who should be able to respond. When you activate the survey, Veranon generates a pool of anonymous credentials—cryptographic tokens that prove "the holder is allowed to respond" without revealing who the holder is.
2. Distribute Access
Invite eligible respondents via email, SSO integration, or other organizational authentication. Each person claims an anonymous credential through a process where the server cannot determine which credential they received.
3. Review Responses
You see verified responses from your organization, aggregate trends, and participation rates. You cannot see who submitted which response. This isn't a feature you can toggle off—it's how the system works at a fundamental level.
For Respondents
1. Claim Your Anonymous Credential
Authenticate once using your normal organizational login (email, OAuth, etc.) to prove you're eligible. During this process, you claim an anonymous credential using a cryptographic technique called blind signatures.
You generate a random token and scramble it before sending to the server. The server signs your scrambled token without seeing what it actually says. You unscramble the signed result, leaving you with a valid server signature on your original token.
The server knows it signed something for you. Someone later shows up with a valid signed token. The server cannot connect these two events—the scrambling process mathematically severs the link.
2. Submit Your Response Anonymously
When you're ready to respond, you don't log in at all. No session cookie, no authentication token, nothing that identifies you.
Instead, you submit your answers along with a zero-knowledge proof. This proof demonstrates you hold a valid credential from the authorized group without revealing which credential it is. The server verifies the proof and checks you haven't already submitted (each credential works only once).
Your response is recorded with no connection to your identity.
The Two-Step Anonymity Guarantee
Veranon's protection relies on two distinct cryptographic techniques working together:
Step One: Blind Credential Distribution
Traditional approach: Server hands you a credential directly, creating a record of which credential went to which person.
Veranon's approach: You receive a credential through a blind signature protocol where the server cryptographically signs your credential without being able to see its contents. The server knows it issued a credential to you, but cannot recognize that credential when you use it later.
Step Two: Zero-Knowledge Response Submission
Traditional approach: You authenticate when submitting, creating a log entry connecting your identity to your response.
Veranon's approach: You generate a zero-knowledge proof that demonstrates you hold a valid credential without revealing anything about which credential it is. The server verifies this proof and records your response with no identity attached.
The server's logs show only: "received valid response from authorized group member."
What This Means for You
For Employees and Respondents
Cryptographic anonymity guarantee
Your identity is protected by mathematics, not policy. Even if someone wanted to deanonymize you, they technically cannot.
No need to trust administrators
The system physically prevents anyone—including Veranon, your organization's administrators, or attackers who breach the database—from connecting responses to individuals.
Speak honestly without career risk
When anonymity is mathematically guaranteed rather than policy-enforced, you can provide feedback that might otherwise feel too risky.
For Leaders and Administrators
Verified feedback you can trust
Every response is cryptographically proven to come from an authorized member of your organization—no external voices, no fake submissions.
Authentic insights to act on
Knowing feedback is both verified and truly anonymous helps you receive more honest input from your team.
Participation without identification
Track who has claimed credentials (to send reminders) without being able to see who submitted which responses.
For Compliance and Legal
Whistleblower protection by design
Meet legal anonymity requirements with a system where deanonymization is technically impossible, not just against policy.
Immutable audit trail
Cryptographic proofs provide verifiable records without exposing personal data.
Defense against subpoenas
When respondent identities don't exist in your system, there's nothing to produce under legal order.
Understanding the Technology
Zero-Knowledge Proofs
Zero-knowledge proofs let you prove you know something without revealing what you know. In Veranon's case, you prove you hold a valid credential without revealing which credential.
The proof is generated entirely in your browser. The server never sees your credential's secret values—only the proof that you possess a valid one. Proof generation takes a few seconds on typical hardware. Verification is nearly instant.
Blind Signatures
Blind signatures allow the server to cryptographically sign your credential without seeing its contents. Think of it like signing a document inside a sealed envelope—the signature goes through the envelope, but the signer never sees what's inside.
This prevents the server from recognizing your credential when you use it to submit responses.
Built on Semaphore
Veranon uses Semaphore, an open protocol for anonymous group membership proofs. Semaphore has been audited and is used in production systems handling significant value. The blind signature scheme follows published cryptographic standards.
What Administrators Can See
Veranon provides useful information without compromising anonymity:
Participation tracking
See which eligible respondents have claimed their anonymous credentials. Send reminders to those who haven't participated yet.
Response counts
Know how many responses you've received and track participation rates over time.
Aggregate trends
Analyze patterns across all responses, identify themes, and understand organizational sentiment.
Individual responses
Read each response as submitted, just without knowing who wrote it.
What you cannot see: Any connection between a respondent's identity and their specific response.
Honest Limitations and Caveats
Veranon provides strong technical anonymity, but some practical limitations exist:
Small Group Risk
If only three people could respond and one response mentions a project only one person worked on, the content itself reveals the author. Veranon can't protect against self-identification through response content.
Recommendation: Groups of 10+ respondents provide better anonymity. Consider grouping small teams together or being thoughtful about question design.
Timing Correlation
In small groups, being the only person to access the survey at 3am and submitting at 3:01am creates a correlation. Larger groups and normal business hours provide better cover.
Recommendation: Encourage participation during windows when multiple people are active.
Server Trust Assumption
The server generates the anonymous credential pool. A malicious server operator could theoretically generate credentials in a traceable way. For organizational surveys where administrators are somewhat trusted, this is acceptable. Higher-stakes applications might require collaborative credential generation.
Mitigation: Veranon's code is open for audit. The standard deployment model assumes the survey administrator is not actively trying to subvert respondent anonymity.
When to Use Veranon
Veranon fits situations where:
- Honest feedback matters more than attributed feedback
- Respondents might self-censor if answers could be traced
- "We promise it's anonymous" isn't convincing enough
- You want to be able to say "we literally cannot see who said what"
Getting Started
1. Your organization signs up
Create a workspace and configure your organizational authentication (email domains, SSO, etc.)
2. Create your first survey
Set up questions and specify eligible respondents. Veranon generates the anonymous credential pool automatically.
3. Invite respondents
Send invitations via email or your existing communication channels. Respondents claim their credentials and submit responses.
4. Analyze results
Review responses, identify patterns, and take action on verified feedback from your team.
Frequently Asked Questions
How is this different from traditional anonymous surveys?
Traditional surveys rely on policy: "we promise not to look." Veranon uses mathematics—there's nothing to look at because identity data never leaves your device during response submission. The server physically cannot connect responses to individuals.
Can Veranon deanonymize feedback if required by law?
No. The system is designed so deanonymization is technically impossible, even for us. When respondent identities don't exist in the system, there's nothing to produce under subpoena. This protects both employees and the organization.
What if someone abuses anonymity?
Organizations can configure moderation workflows and reporting thresholds. Anonymous doesn't mean unaccountable—patterns of abuse can be detected and credentials can be revoked for future surveys without compromising past anonymity.
Does this work with our existing systems?
Yes. Veranon integrates with common identity providers including Google Workspace, Microsoft 365, Okta, and email-based authentication. Custom integrations are available for enterprise deployments.
How long does it take to submit a response?
Claiming your initial credential takes about 5-10 seconds. Submitting a response after that takes 3-5 seconds for the cryptographic proof generation, plus the time to actually fill out your survey.
What browsers are supported?
Veranon works in all modern browsers (Chrome, Firefox, Safari, Edge) with no special software or plugins required. All cryptography runs in standard JavaScript.
Can responses be edited after submission?
No. Each credential can only be used once, and responses are immutable after submission. This prevents abuse while maintaining anonymity. For surveys requiring updates, administrators can create follow-up surveys with fresh credentials.
Experience True Anonymity
Ready to receive feedback your team can trust to be anonymous and you can trust to be authentic?
Veranon is a product of Rank One Labs. For technical questions or custom deployments, visit rankonelabs.com.