When you run a Web or application proxy on your computer, requests and connections forwarded through that proxy will appear to originate from your computer. So if someone uses the proxy to send or receive material that a third party objects to, you could receive complaints that assume that you are responsible and may ask you to stop that activity. In some cases, activities using your proxy could attract legal action or the attention of law enforcement agencies in your own or another country.
In some countries, proxy operators have received legal complaints, and, in some cases, law enforcement agents have seized computers that were functioning as proxies. This could happen for several reasons:
- Someone may wrongly assume that the operator of the proxy computer was personally involved in activity passing through the proxy.
- Someone may assert that the operator of the proxy has a legal duty to stop certain uses.
- Someone may hope to examine the proxy to find evidence (e.g. logfiles) of who was responsible for some activity.
If you think this could be a risk for your proxy in your area, it may be safer to operate the proxy on a dedicated computer in a data center.
National laws may vary in the way and extent they protect proxy operators from liability. For details about your situation, you should consult a lawyer or qualified legal expert in your jurisdiction.
Internet service providers may also complain about your operation of a proxy, especially if they receive complaints about abuse of the proxy. Some ISPs may assert that running a public proxy violates their terms of service, or that they simply do not wish to permit users to run public proxies. These ISPs may disconnect you or threaten to disconnect you in the future.
Risks of operating a non-public proxy
These risks still exist if you operate a proxy for your own benefit or for the use of a small number of individuals, but operating a non-public proxy is much less risky than operating a public proxy.
If the user of your non-public proxy is detected and monitored, whoever is doing the monitoring may realize or speculate that there is a connection between you and the user and that you are trying to help that person circumvent filtering.
Although your own ISP is much more likely to object to your running a public proxy than a private proxy, some ISPs may have such comprehensive anti-proxy policies that they object even to the operation of a private proxy on their networks.
Risks of operating a Tor node (Tor relay)
A Tor node is a kind of public proxy, so running one can have the risks described above. However, a Tor node is typically set up in one of two ways: as an exit node or as a middleman node (sometimes called a non-exit node). A middleman node forwards encrypted traffic only to other Tor nodes, and does not allow anonymous users to communicate directly with sites outside of the Tor network. Running either kind of node is helpful to the Tor network as a whole. Running an exit node is particularly helpful because exit nodes are comparatively scarce. Running a middleman node is comparatively less risky because the middleman node is unlikely to draw the kinds of complaints that a public proxy might, since the IP address of a middleman node will never appear on log files.
Another Tor node configuration, called a bridge, is available specifically to help other users circumvent Internet censorship. Since a bridge is not an exit node, you are unlikely to receive complaints about the use of a bridge node by others.
Even though it is unlikely to draw specific complaints, operating a middleman or bridge node may cause your Internet service provider to object for more general reasons. For example, the ISP may disapprove of the Tor network or may forbid subscribers from operating any sort of public service.
Data retention laws might regulate proxy operation
In some countries, data retention laws or similar laws meant to restrict anonymity might be interpreted to regulate the operation of proxy services. For more information about data retention, see http://en.wikipedia.org/wiki/Telecommunications_data_retention.
