
As a believer in the Tor mission—how do I run a non-evil exit node?



AFAIK

1. Live in a country in which law enforcement follows the law and the law does not prohibit running tor, as noted in a response.

2. Hire a lawyer competent on cybercrime, intellectual property and freedom of speech.

3. Set up a non-profit or other legal entity with the explicit purpose of running tor exits/relays (stated in the articles of incorporation or similar founding documents, depending on the country and type of legal entity). Make sure its address is not your home address.

4. Purchase or rent the necessary hardware through the legal entity (don't ever do anything unrelated to the tor exits from this entity). Make sure you co-lo it in a datacenter, do not run any exits in your office and especially not in your home. Avoid having any hardware you rely on not being seized in close (physical -- same rack or logical -- e.g. same network) proximity. Explain to your host that you'll be running tor exits. Clearly label your systems as tor exits in any possible way you can manage, including physically on the cases/bezels. Run a web server on their public IPs with a page explaining that this is a tor exit node run by such and such legal entity, set WHOIS data with the same info if possible. Set up reverse DNS with hostnames that clearly state this is a tor exit node.

5. Be ready for trips to the PD in order to explain what tor is and why what you're doing is legal and that it's not you that sent that phishing e-mail, etc. It is a matter of when an illegal activity will be traced back to y̵o̵u̵r̵ the legal entity's exit and no amount of labelling will deter law enforcement from summoning you as a representative of the entity. Reasons being incompetence, desire/requirement to investigate thoroughly, or plainly using inconvenience as a way to discourage you from running the nodes (in the end, tor both creates more work for law enforcement and is a big obstacle to them so they'd rather not have to deal with it if possible).

This is the gist of it. The details need to be discussed with a lawyer. And again all of this relies on the law enforcement and justice systems to follow the law and the law to not prohibit tor. Don't do this in a country in which there's risk of you being black-bagged or held legally responsible for running tor or not keeping traffic logs.

Source: my poor understanding of my country's and EU's laws. IANAL.
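
One way to cover the "page explaining that this is a tor exit node" step from item 4 without a separate web server, as an added example that is not part of the original comment: Tor can serve a notice page itself through `DirPortFrontPage`. The nickname, contact address, hostname and file path below are placeholders.

```conf
# torrc fragment for a clearly labelled exit relay (added example).
# Nickname, ContactInfo and the file path are placeholder values.
Nickname         ExampleOrgExit1
ContactInfo      Example Tor Exits (non-profit) <abuse AT example DOT org>

ORPort           443
ExitRelay        1

# Serve the exit notice on port 80 of the exit's public IP, so anyone who
# looks up the address in a browser sees what the machine is and who runs it.
DirPort          80
DirPortFrontPage /etc/tor/tor-exit-notice.html

# Not settable here: reverse DNS (e.g. tor-exit-1.example.org) and WHOIS
# records are configured with the hosting provider or the IP range owner.
```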


> Be ready for trips to the PD in order to explain what tor is and why what you're doing is legal

(I am not your lawyer) AFAIK this is still up in the air for U.S. persons - many states make it a crime to help criminals, including when not in the event of commissioning the crime, so you might be considered an accomplice to said crimes by running the exit node (or even just a relay). This isn't exactly a hot issue nor a clear-cut one so I would doubt D.A.s are interested in bringing you to court after a few times of being explained the situation.


I can't think of a case where this was addressed, so I agree that one might think of it as up in the air, but are you aware of any prosecutor who maintains or expresses this position?

Closely related to this, why wouldn't this position create criminal liability for running an open wifi network, if it turned out to have been used by a criminal? How about for a public library that allows unidentified members of the public to use public computer terminals? How about for running a commercial ISP?

Is the likely argument some kind of common-law imputed duty to not provide too much more privacy to network users than the average ISP does?


I think enough lawyers see this as an area to 'CYA' in, given the amount of hotels and other public wifis with captive portals that only require you to accept their T&C before you get access to 0.0.0.0/0, eg https://myhotels.com/guest-wireless_terms-conditions/ and https://mcdonalds.com.au/wi-fry/terms-and-conditions .

But you're right in that, in reality, police departments aren't going to blame a library or a fast food joint for letting illegal activity happen given they didn't know about it and that Wi-Fi is usually not used for such actions. I just think the law gives enough leeway for an extraordinary event to occur where [for example] some U.S. actor gets prosecuted simply for running nodes, likely as the only way for a state actor to take down some criminal enterprise in the event of there not being enough evidence to convict of a major crime.

I also did some case searches regarding public wifi and there are not many results in general. https://scholar.google.com/scholar?hl=en&as_sdt=80006&q=%22p...


Addendum to 1. Tor also has to be legal in that country


Given the sizable investment of time and money required to run an independent exit node, it might be worth considering throwing your support behind one of the existing non-profits providing exit nodes.

https://blog.torproject.org/support-tor-network-donate-exit-...

https://2019.www.torproject.org/docs/faq#RelayDonations


running an exit node is a really bad idea. someone is going to do something dumb on Tor and the local PD isn't going to know anything about Tor and will come knock on your door. i used to run a relay and even that became too much of a hassle. first my bank blocked me (they block all tor traffic even from relays) and then my company's IT did an audit and saw traffic "coming from tor" to them and politely asked me to stop using Tor. that was the last straw for me, and i took it down.


I've had a similar experience just connecting to my school's Wifi network. Someone left a threatening message on the now dead 'anonymous' chat app (YikYak) using the campus Wifi. Campus PD checked the IP address, saw one of my devices now had that IP, and gave me a call. I spent 5 mins trying to understand what this app was that they were even talking about, and another 10 mins explaining how IP addresses work to them.


But why would you do that from your home IP and not rent a server somewhere?


Makes sense in hindsight. But I never thought I would have any issues running a relay. Also just got a raspberry pi v1 and was looking for a project.



