[handsomeransoms]

Part of the problem of running an exit node is that it's unclear how "safe" it actually is, and as a result there is a lot of rumor and paranoia. Every country has different laws that affect the legal status of an exit node operator.

For example, an Austrian man was arrested in 2011 for running an exit node and charged with being an accomplice to crimes that were carried out over Tor using his exit node. He was ultimately found not guilty, but a law was passed as a result that effectively makes it illegal to run a Tor exit in Austria. [0]

Meanwhile, in the US no one has ever been arrested simply for running a Tor exit node (at least to my knowledge). Anecdotal information suggests that the most difficult thing is finding someone to host the node (many cloud VPS providers, for example, will not) if you don't host it yourself. A Reddit commentator and operator of Tor exits suggests that running Tor exits is protected under U.S. law, although I'm not sure if this has been tested in court [1].

I think Mozilla should take the (relatively small, due to their presence in the U.S.) risk of running Tor exit nodes. They could even turn it into a project of its own, to explore the common problems and develop some best practices for running Tor exits. I could imagine this being a fruitful collaboration with the EFF, for example!

[0] https://www.techdirt.com/articles/20140701/18013327753/tor-n... [1] http://www.reddit.com/r/IAmA/comments/20243q/iaman_operator_...

[john61]

The case is Austria was complicated because the court found chat protocols from him:

„You can host 20 TB child porn with us on some encrypted hdds“

The judge argues that this is more than just providing infrastructure, it is advertising illegal content / behavior. So this case is not representative for evaluating the risk of running a tor exit node.

http://futurezone.at/netzpolitik/strafe-fuer-tor-betreiber-g...

[rhinoceraptor]

What would be great is if a foundation came along that offered people a way to sponsor a Tor node without having to own or operate it themselves.

[hendi_]

There already is: https://www.torservers.net/

[javaun]

I work at Mozilla, and the folks at Torservers.net were extremely helpful in helping us get up to speed quickly. We're hoping to contribute to the public body of knowledge on how to operate servers efficiently, both in terms of effort and cost.

[dmix]

Great, documentation and design contributions from Mozilla would be as valuable as running nodes. That is something they do well.

[BrianEatWorld]

IANAL, but would this just require someone incorporating or starting an LLC and then paying for the exit nodes in the name of that entity? Would that be sufficient protection?

[iancarroll]

Also not a lawyer, but you can still be charged criminally in the USA:

"Charging a corporation, however, does not mean that individual directors, officers, employees, or shareholders should not also be charged. Prosecution of a corporation is not a substitute for the prosecution of criminally culpable individuals within or without the corporation"

from http://www.justice.gov/criminal/fraud/documents/reports/1999...

[tedunangst]

"sole proprietor" LLCs don't have as limited liability as one may hope. you need more people to shift the blame around.

[cyphunk]

Why isn't the EFF already running an exit node to confront the legal ambiguity issue?

[pfg]

Actually, as for the case in Austria, he was found guilty as an accomplice for distributing child porn (which was carried out on his exit node.)

[gcb0]

tor exit is effectively a proxy. nobody should run an open proxy. that's just common sense.

on the other hand it may be a good feature if implemented correctly. for example, sites explicitly saying they allow tor exit connections would be a good start.

[userbinator]

Tor is effectively an open proxy (or set of them).