Very unlikely if you just hosting an onion service with legal content, where all traffic is encrypted.
Having to deal with law enforcement is unlikely even if you run a normal, encrypted, TOR relay.
Exit nodes, on the other hand, will most likely get letters or even visits by law enforcement. But those are not involved at all when just running an onion service.
There is one form of harassment though, if you run even just a TOR Relay you tend to be put on realtime blackhole lists regularly which will cause random websites to refuse your connection. Things like banks, ticket sites, even your insurance company might suddenly block your connection because your IP is listed as "Exterme Risk, active threats, verified" on one of like 200 RBL sites because someone scraped TOR and put all of the IP addresses they found on there and tagged them as active threats.
Don't run it at home then.
Or do, and call your bank's customer support until they fix it.
Or wait until the next day when it's your neighbour's problem because your IP changes every day and your bank gets a bunch of complaints from different customers who are your neighbours.
....do ISP provided public IPs really change that often...? My homelab's public IP has been the same so long I have all four octets memorized....and I don't remember ever asking (or paying for) a static one.
I know they can, and sometimes do, but do people really experience this daily/weekly?
On DOCSIS and PON networks my experience has been that dynamic IPs are generally stable as long as your DHCP lease is active, so my IP generally wouldn't change unless I changed equipment or there was an extended outage that kept me offline during the entire time it would normally have renewed.
On DSL networks it's been the opposite, if the PPPoE session was lost I was definitely going to get a new IP address, and on some providers the session would be reset every 1-7 days so the IP would change at exactly the same time of day which almost always ended up being in the middle of a work day corresponding with whenever the equipment was last rebooted due to some other problem. I got in the habit of setting up my equipment to restart on its own terms in the middle of the night on those providers, but this came with its own downsides when something would go wrong and it'd fail to negotiate.
> because someone scraped TOR and put all of the IP addresses they found on there and tagged them as active threats.
Yeah, or, hear me out... Someone used the exit node for active attacks. (Gasp! What? On my onion?)
I'm not an exit node, only a relay.
It does make me wonder if people are running very boring polite websites that can suddenly do very not boring or polite things if you know how to ask the right way over an onion address.
Surely I can't be the only one to think of this right?
In fact dozens of US spies and informants were killed or imprisoned when a secret communications network was exposed doing just that. I wish I bookmarked a better source, it described that the HTML for the portal was reused on every site, so once it was discovered on one site, everyone using it was burned.
Here's one article that alludes to it re: CIA informants in Iran, but I seem to remember China killing US spies and it just not making the news at all
"an analysis by two independent cybersecurity specialists found that the now-defunct covert online communication system that Hosseini used – located by Reuters in an internet archive – may have exposed at least 20 other Iranian spies and potentially hundreds of other informants operating in other countries around the world.
This messaging platform, which operated until 2013, was hidden within rudimentary news and hobby websites where spies could go to connect with the CIA. Reuters confirmed its existence with four former U.S. officials."
https://www.reuters.com/investigates/special-report/usa-spie...
Tor does this sort of although not like you think. It's used as a bridge transport.
>https://blog.torproject.org/introducing-webtunnel-evading-ce...
>WebTunnel is a censorship-resistant pluggable transport designed to mimic encrypted web traffic (HTTPS) inspired by HTTPT. It works by wrapping the payload connection into a WebSocket-like HTTPS connection, appearing to network observers as an ordinary HTTPS (WebSocket) connection. So, for an onlooker without the knowledge of the hidden path, it just looks like a regular HTTP connection to a webpage server giving the impression that the user is simply browsing the web.
that seems unwise, you'd be associating your 'impolite' activities with an irl legal identity
Well, you could use a disposable legal identity. Say a hobby site, about bowling.