
Isn't this a trivial example though? You require bucket size >= 10 say.

Full on differential privacy is meant to address harder problems. For example, if you assume that there was a minor bug and people were asked to take the mandatory yearly survey again in a week.

Now if you assume that the responses of people who responded before will stay the same when they re-respond, then by taking the difference between both results you can identify some specific people by looking at which bucket counts changed - this would be how the new guy who joined in that week voted.

Differential privacy techniques are meant to anonymise data in a way that you can't even do this.
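The differencing scenario from the comment above, as an added example that is not part of the thread: both releases pass the bucket-size check, yet subtracting them isolates one bucket, while Laplace noise (one standard way to get differential privacy) leaves the "largest increase" guess near a coin flip. The employee names, counts and epsilon value are constructed for illustration.

```python
import random
from collections import Counter

K_MIN = 10  # minimum bucket size suggested in the comment
ANSWERS = ("yes", "no")

# Constructed survey data: 12 "yes" and 15 "no" in week 1; one new hire in week 2.
WEEK1 = {f"emp{i:02d}": ("yes" if i < 12 else "no") for i in range(27)}
WEEK2 = {**WEEK1, "new_hire": "no"}

def release(responses, k_min=K_MIN):
    """Exact counts, with any bucket smaller than k_min suppressed."""
    counts = Counter(responses.values())
    return {a: n for a, n in counts.items() if n >= k_min}

def changed_buckets(first, second):
    """Per-bucket change between two published releases (zeros omitted)."""
    deltas = {a: second.get(a, 0) - first.get(a, 0) for a in set(first) | set(second)}
    return {a: d for a, d in deltas.items() if d != 0}

def dp_release(responses, epsilon, rng):
    """Laplace mechanism; one person changes one count by 1 (sensitivity 1)."""
    counts = Counter(responses.values())
    lam = epsilon  # Exp(lam) - Exp(lam) is Laplace noise with scale 1/epsilon
    return {a: counts[a] + rng.expovariate(lam) - rng.expovariate(lam) for a in ANSWERS}

def attacker_accuracy(epsilon, trials=2000, seed=1):
    """How often 'largest increase' names the new hire's true bucket."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        r1, r2 = dp_release(WEEK1, epsilon, rng), dp_release(WEEK2, epsilon, rng)
        guess = max(ANSWERS, key=lambda a: r2[a] - r1[a])
        hits += guess == WEEK2["new_hire"]
    return hits / trials

if __name__ == "__main__":
    print(changed_buckets(release(WEEK1), release(WEEK2)))  # exact counts
    print(attacker_accuracy(epsilon=0.5))                   # noisy counts
```

Each noisy release spends epsilon of privacy budget, so publishing the survey twice costs 2 × epsilon in total under sequential composition.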



It's trivial to fix in retrospect, nearly impossible to anticipate all similar corner cases ahead of time, and -- most importantly -- indicative of the type of logical bugs our systems of the world have that permit hacking from script-kiddies to state actors.


It may be nearly impossible to anticipate _all_ corner cases, but come on, GP was talking about there only being a sample size of 1; this is super easy to notice and then just not include in the results.



