On 8/21/16, Michael McConville mmcco@mykolab.com wrote:
Anything other than Tor running on the server is a liability. I'd be particularly concerned about things like Owncloud (not to mention web servers), which has a history of security vulnerabilities. I think it's best to restrict Tor relays to dedicated installs.
Not only security of the relay, but of any dependencies and privacy of any other operations and data you may have on it should it get seized for whatever reason. Of course risk of seizure is less with non-exits.
Since anyone can run a relay, and there aren't any relay police or hardcoded restrictions, it's really up to you and what you're comfortable with. For example, many might use their VPS space to store encrypted backups offsite, or run various small services that have minimal risk or attack surface.
And to the extent that doing things will make you a better admin, able to weigh operation security, there can be a lot of good in that too.