While recommender systems based on collaborative filtering have become an essential tool to help users access items of interest, it has been indicated that collaborative filtering enables an adversary to perform passive privacy attacks, a type of the most damaging and easy-to-perform privacy attacks. In a passive privacy attack, the dynamic nature of a recommender system allows an adversary with a moderate amount of background knowledge to infer a user's transaction through temporal changes in the public related-item lists (RILs). Unlike the traditional solutions that manipulate the underlying user-item rating matrix, in this paper, we respond to passive privacy attacks by directly anonymizing the RILs, which are the real outputs rendered to an adversary. This fundamental switch allows us to provide a novel rigorous inference-proof privacy guarantee, known as δ-bound, with desirable data utility and scalability. We propose anonymization algorithms based on suppression and a novel mechanism, permutation, tailored to our problem. Experiments on real-life data demonstrate that our solutions are both effective and efficient.