Relay liability is going to depend on knowledge. What’s going to happen in practice is that someone at, say, the FBI gets a lead that something prohibited is being accessed in some group and they’re going to look for evidence. If your IP serves them anything dodgy, they’re not going to roll the SWAT team (probably) but they’re going to see if they can find evidence that you are an active participant before they contact you or your hosting company.
What’s going to happen after that is going to depend on what they’ve found and how innocent/unaware you look, and your reaction. They don’t raid Dropbox’s hosting center because it’s unlikely that a large business is a secret criminal front operation and they have an established practice of sending warrants and getting information or takedowns but if you’re a single person or small business there’s more room for doubt and they might be more aggressive. If you do look like an innocent whose service is being abused by criminals, I’d expect the initial impact to be only blocking that material / user and turning over all of the information that you have about their activity. If that keeps happening, or you tell them that you don’t keep logs, etc. that might change to them thinking you’re actually trying to help their targets, and the next time it happens might be less charitable.
Anyone operating a relay should think about how that’d look sad what the damage could be: don’t run it on hardware you couldn’t afford to lose if it’s seized as evidence, your business partners and people you live with need to know & accept the risk, and you want to think carefully about the personal impacts of any investigation. For example, if you work at a school or church running a Tor exit node is probably a bad idea because even an investigation finding nothing could have significant damage to your reputation since there’s always that “what if he just hid it well?” question which can’t be un-raised.
What’s going to happen after that is going to depend on what they’ve found and how innocent/unaware you look, and your reaction. They don’t raid Dropbox’s hosting center because it’s unlikely that a large business is a secret criminal front operation and they have an established practice of sending warrants and getting information or takedowns but if you’re a single person or small business there’s more room for doubt and they might be more aggressive. If you do look like an innocent whose service is being abused by criminals, I’d expect the initial impact to be only blocking that material / user and turning over all of the information that you have about their activity. If that keeps happening, or you tell them that you don’t keep logs, etc. that might change to them thinking you’re actually trying to help their targets, and the next time it happens might be less charitable.
Anyone operating a relay should think about how that’d look sad what the damage could be: don’t run it on hardware you couldn’t afford to lose if it’s seized as evidence, your business partners and people you live with need to know & accept the risk, and you want to think carefully about the personal impacts of any investigation. For example, if you work at a school or church running a Tor exit node is probably a bad idea because even an investigation finding nothing could have significant damage to your reputation since there’s always that “what if he just hid it well?” question which can’t be un-raised.