[fermisea]

What about this? Consider a toy system: everyone gets issued a UUID, everyone can see how every UUID voted, but only you know which one is your vote.

This is of course flawed because a person can be coerced to share their ID. In which case you could have a system in which the vote itself is encrypted and the encryption key is private. Any random encryption key works and will yield a valid vote (actual vote = public vote + private key), so under coercion you can always generate a key that will give the output that you want, but only you know the real one.

[looperhacks]

Besides the fact that 99% of the general population won't be able to understand this, a $5€ wrench says that you show me proof of the correct private key (either by you showing me the letter you received, me being present when you set it up, or however it is set up)

[Muromec]

You have to trust that both 1) the UUID issuing party is not keeping the actual id to uuid mapping in the logs 2) the same party isn't allocating an excessive number of uuids to mass-vote for the "good" choice.

In-person voting does provide these guarantees, to extent that violating them will be discoverable and both parties have an incentive to discover such things.