This list is fluffed up, without any checking for veracity. GIGO type of situation.
Given that archive.is is known to DDOS and alter archives (See all the recent HN posts about them)
I even think what archive.is did to their detractor was understandable - in poor taste, definitely black hat, don't do stuff like that, immature as hell, but hey, I get the human impulse that led to the bad decision, and I'm not gonna base whether I use the site or not on that.
There are also many web sites that provide an onion address in addition to their clearnet address. For example, the BBC: https://www.bbc.com/news/technology-50150981
Public key obviously, not private.
Hosts that don't ban tor nodes probably don't have a great reputation.
I don't need the authorities at my door every few weeks wondering why some of the most deplorable internet traffic of all time is coming from my house.
After all, I have no way of knowing what they're up to. It may be good or it may be bad; I can't know. (I suppose I can set up a router to discard packets with the RFC 3514 evil bit set, as a show of good faith, but...)
So I think the risk should be low, but that's just, like, my opinion, man. My opinion doesn't mean that the risk is in fact low.
Has the risk of running an exit node ever been tested in court? Many people, myself included, simply can't afford to have that kind of experience even if we're reasonably sure that it will end up OK.
Some countries like Germany have strict liability, where you must pay a fine for any copyright infringement that happens on your connection unless you register yourself as an ISP yourself. If you're not sure, consult a lawyer to make sure you're not in one of those places.
So with the correction, I agree completely: Running relay node (a thing that deals only with indecipherably-encrypted anonymized data) is not a meaningful risk.
Without even getting into the intricacies and ethics of pooling and providing Spartacus communal anonimty. Wouldn't lending tools that are used for a crime being an accessory, or an accomplice, or at least aiding and abetting?
It's even a bit ridiculous, "If someone does something nefarious with my gun, that's not my responsibility" Yes? Yes it is? Maybe that line is used for something more borderline, but that's definitely your responsibility, if you are allowed to do that at all it's only because of the difficulties of legal procedures and the pressumption of innocence, but that doesn't mean that it's ok to redistribute CSAM and leaked data.
Intent has a lot to do with liability.
My intent with my hypothetical coffee shop is not to provide a dark corner for people to do illegal things online; it is instead my intent for smiling patrons to have a free slice of Internet to go with their not-free cup of coffee. It's just a service that I provide, along with a restroom and a place for people to gather. My options for monitoring it are limited, but if I do notice someone doing stuff that's NFG (whether on the internet or in person), then I'll turn off the taps and tell them to leave. They won't be my customer anymore.
That's not so dissimilar to my ISP's intent when they sell me a month of internet access at home. Their monitoring options are very similar: Observation is difficult (brought to you by NordVPN and https), but if they notice something that is definitely nefarious then I'm likely to be getting a sternly-written letter and/or disconnected.
Most people are generally good -- and most coffee shops (around me, anyway) have free wifi.
The precedent here is that it seems to work, and that we don't have a long and storied history of imprisoning owners of coffee shops and ISP networks.
---
Now, if a person were to hang up a sign on the front their coffee shop that says "FREE WIFI! GET YOUR CSAM HERE!" then that's... that's a rather different kind of intent, and in a fair and just world it wouldn't be too long before the person who hung up that sign would behind bars.