Anonymous surveys that aren't so anonymous

If the site is based on ASPX files, then it is more than likely that this is an ASP.NET application - most probably hosted on IIS.

IIS has a very simple checkbox to enable Windows Integrated Authentication.

IE, on Windows 7, will by default send your credentials to any web server in the local intranet. (This is not your password, don't worry, but it is Windows-based authentication - either Kerberos or NTLM).

This makes it very straightforward to associate your Windows Domain account with your survey answers...
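A respondent can check for this from their own side by looking at the survey site's first, unauthenticated response: a 401 that offers `Negotiate` or `NTLM` means the browser will be asked for the Windows identity. The sketch below is an added example, not part of the original answer; the three sample responses are constructed and all function names are illustrative.

```python
import re

# Schemes that make the browser present the logged-on Windows identity.
INTEGRATED = {"negotiate", "ntlm"}

# Constructed sample responses (not captured from any real site).
IIS_401 = ("HTTP/1.1 401 Unauthorized\r\nServer: Microsoft-IIS/7.5\r\n"
           "WWW-Authenticate: Negotiate\r\nWWW-Authenticate: NTLM\r\n\r\n")
BASIC_401 = ('HTTP/1.1 401 Unauthorized\r\n'
             'WWW-Authenticate: Basic realm="survey, staff"\r\n\r\n')
OPEN_200 = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"

def parse_response(raw):
    """Split a raw HTTP response head into (status_code, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def challenge_schemes(headers):
    """Return the auth schemes offered across all WWW-Authenticate headers."""
    schemes = []
    for name, value in headers:
        if name != "www-authenticate":
            continue
        # Blank out quoted strings so a comma inside realm="..." is not
        # mistaken for the start of another challenge.
        value = re.sub(r'"[^"]*"', '""', value)
        for part in value.split(","):
            tokens = part.split()
            # A bare token (no '=') starts a challenge; 'key=value' is a parameter.
            if tokens and "=" not in tokens[0]:
                schemes.append(tokens[0].lower())
    return schemes

def identifies_windows_user(raw):
    """True if the server answers 401 and offers Negotiate or NTLM."""
    status, headers = parse_response(raw)
    return status == 401 and any(s in INTEGRATED for s in challenge_schemes(headers))

if __name__ == "__main__":
    for label, raw in (("IIS", IIS_401), ("Basic", BASIC_401), ("open", OPEN_200)):
        # False here only rules out integrated auth, not other identifiers.
        print(label, identifies_windows_user(raw))
```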


That's incredibly simple, and a really old trick.

Create a different survey for each department, even if the surveys have the same questions.

  • Everyone that answers Survey X is from Department A.
  • Everyone that answers Survey Y is from Department B.

Then, you just need to mash up the results and you're done!

That alone is enough to do a lot of information gathering, without any special tricks.

Brazilian banks did something similar, on paper surveys - each manager was to distribute to his subordinates copies of the survey. However, each manager got his copies on paper of a different color - so everyone that answered the yellow copy was from RH, everyone that answered the blue copy was from Finances, everyone that answered the pink copy was from Sales, and so on. Even if you didn't ask for the employee department, name or registry number, you knew from where he was and in what department he worked.


The website will record your IP address. The Company's network assigns your IP address. Just associate the two ...