If the anonymization service got abused the IP address of the exit mix is usually identified. Often it is the case that the server is assumed to cause the abuse.
Already before getting the first abuses there is something one can do to minimize the trouble later on:
# aptitude install lighttpd)
SRC: DocumentRoot /home/mix/stable/misc/exit-mix-notice DEB: DocumentRoot /usr/share/mix-exit-notice
It is quite often the case that a bunch of spam mails is sent using the web interface of a mail provider. The spammer wants to stay anonymous and is usually using free anonymous services to log himself in to the web interface of a mail provider.
The recipients of those spam mails are able to trace their origin to the exit mix looking at the sent headers. They send an abuse mail to the ISP of the exit mix and the ISP in turn forwards this mail to the one renting the server and expects feedback after it is processed. Do not ignore these abuse mails even if they are not relevant in a criminally liable way as this can lead to a violation of the ISP's terms and conditions and finally to a termination of the server.
Generally, one is receiving the complete spam mail including its headers together with the abuse notice. A fictious example:
Dear customer, . We received a complaint regarding an IP assigned to you. Please see the complaint at the bottom of this e-mail. We urge you to take appropriate ation to prevent future complaints. . Security Response Team . Return-path: <email@example.com> Delivery-date: Fri, 14 Mar 2015 06:39:21 +0200 Received: from pra7.smp.wab.co.za ([220.127.116.11]) .... Received: from 18.104.22.168 (SquirrelMail authenticated user medium) by mail.domain.tld with HTTP; Date: Fri, 14 May 2010 07:37:04 +0300 (EAT) Subject: HELLO!! From: ........
In the last section Received: may the necessary information be found to forward the abuse notice on your part. The headers are always different and every abuse notice has to be addressed individually.
Forward the abuse notice to the abuse account of the mail provider and ask for deleting the spam account. Furthermore, send the forwarding as a copy to the security response team of your ISP in order to give them feedback showing that and how you reacted to the abuse notice. Most providers are satisfied with that. They forward your response on their turn to the sender of the abuse notice.
By spamming via mail or in forums it happens on and off that an exit mix is listed as spam IP by a DNSBL.
For free exit mixes this is usually no problem as long as the server is not used for spamming as well. Mostly, the ISPs hold the position that the user of the server is responsible herself whether the IP address is on a DNS blacklist or not. As the most DNSBL are analyzing comments in forums as well it were a Sysiphos job for an admin to remove the server from all DNSBL over and over again. As this is not affecting the normal mix operation, free exit mixes can ignore this problem. Own e-mails should be sent over an other IP address.
For premium services is the situation a bit different. As these services are allowing to send e-mails via SMTP anonymously as well the exit mix operators should make sure that their servers are no listed on a DNSBL. The webpage Spam Database Lookup offers the opportunity to check a multitude of DNSBL.
If victims of stalking and offenses are addressing themselves to exit mix operators one can point to the opportunity to block anonymous usage. Webservices (Blogs, Forums, Wikis or other webpages) can be banned on all exit mixes if the operator of a webpage does that want.
Copyright infringements are very rare. The automatically generated copyright infringements are unknown to most exit mix operators. The free cascades can only be used for surfing anonymously and BitTorrent via premium services is not very profitable. Instead of paying for the traffic one can buy the desired video.
An order on an online shop was made using wrong personal data and anonymization services. The goods are delivered but the bill is not being paid. The owner of the online shop Der Online-Händler makes a report and provides the saved IP address as evidence. A routine investigation is started and the operator of the exit mix in question is summoned sometime be it as a suspect or be it as a witness.
This is no reason for concern. Accept the appointment of the summoning or arrange one that fits better. Explain to the prosecutors what you are doing and that an identification of the offender is not possible by means of the IP address. A protocol is written and the investigation against the exit mix operator is discontinued. A prepared fact sheet about JonDonym is helpful here. (Possibly, the prosecutor him/herself is going to use this service in the future to avoid data traces while surfing the Web.)
With some routine you may answer the summoning written and ask whether your personal appearance to clarify further questions is necessary.
Mix operator do not act independent of laws. Due to severe criminal offenses there is the possibility that a mix operator is forced by a legally binding enactment to log data with the aim to deanonymize users.
Do not play a cat-and-mouse game with officials. Do not say you are agreeing to this telecommunication surveillance to deliver later on meaningless data that are not analyzable without the cooperation of the other mixes within your cascade. Explain how JonDonym is working and that the cascade your mix is belonging to is (hopefully) an international one meaning the mixes are located in different countries and get advice from a lawyer.
If you have to log data remind the following points:
Similarly to the case of obtaining credit by false pretences and other minor offenses it is possible as well that the operator of a mix is treated as a suspect regarding severe offenses. But you probably won't get a summoning at once, though. Rather, the investigation against you is going to start unnoticed and is presumably including the surveillance of telecommunication connections and the observation of your money transfers among others.