Mixnets provide strong metadata privacy, and recent academic research and
industrial projects have made strides in making them more secure, performant,
and scalable. In this paper, we focus our work on stratified Mixnets -- a
popular design with real-world adoption -- and identify that there still exist
heretofore inadequately explored practical aspects such as: relay sampling and
topology placement, network churn, and risks due to real-world usage patterns.
We show that, due to the lack of incorporating these aspects, Mixnets of this
type are far more susceptible to user deanonymization than expected. In order
to reason about and resolve these issues, we model Mixnets as a three-stage
"Sample-Placement-Forward" pipeline, and using the results of our evaluation
propose a novel Mixnet design, Bow-Tie. Bow-Tie mitigates user deanonymization
through a novel adaptation of Tor's guard design with an engineered guard layer
and client guard-logic for stratified Mixnets. We show that Bow-Tie has
significantly higher user anonymity in the dynamic setting, where the Mixnet is
used over a period of time, and is no worse in the static setting, where the
user only sends a single message. We show the necessity of both the guard layer
and client guard-logic in tandem as well as their individual effect when
incorporated into other reference designs. Ultimately, Bow-Tie is a significant
step towards addressing the gap between the design of Mixnets and practical
deployment and wider adoption because it directly addresses real-world user and
Mixnet operator concerns.