While anonymity networks such as Tor provide invaluable privacy guarantees to society, they also enable all kinds of criminal activities. Consequently, many blameless citizens shy away from protecting their privacy using such technology for fear of being associated with criminals. To grasp the potential for alternative privacy protection for those users, we design Seldom, an anonymity network with integrated selective deanonymization that disincentivizes criminal activity. Seldom enables law enforcement agencies to selectively access otherwise anonymized identities of misbehaving users while providing technical guarantees preventing these access rights from being misused. Seldom further ensures translucency, as each access request is approved by a trustworthy consortium of impartial entities and eventually disclosed to the public (without interfering with ongoing investigations). To demonstrate Seldom's feasibility and applicability, we base our implementation on Tor, the most widely used anonymity network. Our evaluation indicates minimal latency, processing, and bandwidth overheads compared to Tor; Seldom's main costs stem from storing flow records and encrypted identities. With at most 636 TB of storage required in total to retain the encrypted identifiers of a Tor-sized network for two years, Seldom provides a practical and deployable technical solution to the inherent problem of criminal activities in anonymity networks. As such, Seldom sheds new light on the potential and limitations of integrating selective deanonymization into anonymity networks.