by aiiane 4787 days ago
You can display the # of items already entered and the timestamps they were entered at (but not the values). It's not perfect, but it would help eliminate the "pre-loading" attack. However, that still leaves the "post-loading" attack, where you send someone a blank link, and then afterwards, fill in the other entries with known values.
2 comments

This (and the other suggestion by zerr) still leave the potential for someone to create multiple false 'minimum' datapoints, then target one of their coworkers to find out their salary.
Yeah, it's not at all foolproof or even great. I don't think there's really a good solution that still provides true anonymity, since the only way to prevent box-stuffing is to actually restrict people to one entry per real person (and that generally requires a more involved real-world authentication process).
That's cool. I can definitely do that and then maybe put a message about options for if you don't completely trust the person that sent you the link... Thanks!