Message encryption does not prevent eavesdroppers from unveiling who is communicating with whom, when, or how frequently, a privacy risk wireless networks are particularly vulnerable to. The Crowds protocol, a well-established anonymous communication system, capitalizes on user collaboration to enforce sender anonymity. This work formulates a mathematical model of a Crowd-like protocol for anonymous communication in a lossy network, establishes quantifiable metrics of anonymity and quality of service (QoS), and theoretically characterizes the trade-off between them. The anonymity metric chosen follows the principle of measuring privacy as an attacker's estimation error. By introducing losses, we extend the applicability of the protocol beyond its original proposal. We quantify the intuition that anonymity comes at the expense of both delay and end-to-end losses. Aside from introducing losses in our model, another main difference with respect to the traditional Crowds is the focus on networks with stringent QoS requirements, for best effort anonymity, and the consequent elimination of the initial forwarding step. Beyond the mathematical solution, we illustrate a systematic methodology in our analysis of the protocol. This methodology includes a series of formal steps, from the establishment of quantifiable metrics all the way to the theoretical study of the privacy QoS trade-off. Copyright © 2013 John Wiley & Sons, Ltd.