Current LLM-based text anonymization frameworks usually rely on remote API services from powerful LLMs, which creates an inherent "privacy paradox": users must somehow disclose data to untrusted third parties for superior privacy preservation. Moreover, directly migrating these frameworks to local small-scale models (LSMs) offers a suboptimal solution with catastrophic collapse in utility based on our core findings. Our work argues that this failure stems not merely from the capability deficits of LSMs, but from the inherent irrationality of the greedy adversarial strategies employed by current state-of-the-art (SoTA) methods. We model the anonymization process as a trade-off between Marginal Privacy Gain (MPG) and Marginal Utility Cost (MUC), and demonstrate that greedy strategies inevitably drift into an irrational state. To address this, we propose Rational Localized Adversarial Anonymization (RLAA), a fully localized and training-free framework featuring an Attacker-Arbitrator-Anonymizer (A-A-A) architecture. RLAA introduces an arbitrator that acts as a rationality gatekeeper, validating the attacker's inference to filter out feedback providing negligible benefits on privacy preservation. This mechanism enforces a rational early-stopping criterion, and systematically prevents utility collapse. Extensive experiments on different datasets demonstrate that RLAA achieves the best privacy-utility trade-off, and in some cases even outperforms SoTA on the Pareto principle. Our code and datasets will be released upon acceptance.

翻译：当前基于大语言模型（LLM）的文本匿名化框架通常依赖于远程API服务调用强大LLM，这造成了一个固有的“隐私悖论”：用户必须将数据披露给不可信的第三方才能获得更优的隐私保护效果。此外，根据我们的核心发现，直接将这些框架迁移至本地小规模模型（LSM）会带来次优解，并导致效用灾难性崩溃。本研究认为，这种失效不仅源于LSM的能力缺陷，更源于当前最先进（SoTA）方法所采用的贪婪对抗策略本身的不理性本质。我们将匿名化过程建模为边际隐私增益（MPG）与边际效用成本（MUC）之间的权衡，并证明贪婪策略必然导致系统陷入非理性状态。为解决此问题，我们提出了理性本地化对抗匿名化（RLAA）框架——一个完全本地化且无需训练的框架，采用攻击者-仲裁者-匿名器（A-A-A）架构。RLAA引入仲裁者作为理性守门人，通过验证攻击者的推断来筛选掉对隐私保护增益微乎其微的反馈。该机制强制执行理性的早停准则，系统性地防止效用崩溃。在不同数据集上的大量实验表明，RLAA实现了最优的隐私-效用权衡，在某些情况下甚至基于帕累托原则超越了现有最先进方法。我们的代码与数据集将在论文录用后开源。