Pages:
Author

Topic: Beware, MtGox arbitrarily freezing verified accounts - page 2. (Read 40407 times)

legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
Strange things happening at mtgox lately. My account is verified with different withdrawal limits

http://imgur.com/a/FhfF9
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
    • Because of AML requirements, we need an utility bill or any other proof of home address (having received a yubikey is not acceptable).
    Not that I don't believe you, but is there any evidence or proof you can provide of this claim? I suspect, and I think a lot of other people suspect this too, that it's actually an anti-fraud requirement and not an AML requirement. And the difference is very significant.
    legendary
    Activity: 1372
    Merit: 1008
    1davout
    I had missed this.
    That's normal MT edited his post afterwards to add this, maybe because he felt like somehow diverting the thread from the actual issue at hand was necessary.

    Is this serious, davout? You people from Paymium tried to take over the bitcoin.fr domain by registering a trademark?
    Right now bitcoin.fr hosts an ad-ridden crappy blog with the last post being months old, see for yourself.
    We felt that the French public deserved a better introduction to Bitcoin than a placeholder site waiting for the domain value to go up.

    And so yes, we wanted bitcoin.fr to redirect to a french version of bitcoin.org.

    The full e-mail exchange is here, judge for yourself.

    A couple of highlights :
    Quote from: MT
    We are an AFNIC registrar and have access to procedures to reclaim domains (we already did it in the past without any issue).

    Quote from: Pierre
    We will make our bitcoin trademark available to anyone while trying to prevent such situation. [...]  bitcoin.fr in my opinion should redirect to some french version of bitcoin.org

    Either way this is way off-topic, if there are any questions about this please make another thread, I'll happily comment there.

    We take full responsibility and stand by our actions. It would be nice to see a bit less mudslinging and a bit more responsibility from a commercial company handling my passport scans. (Read: acknowledge a sub-optimal data migration and unfreeze my account after digging in the AML archive for thirty seconds, if necessary reduce the withdrawal limits to those of an unverified account).
    hero member
    Activity: 630
    Merit: 500
    Paymium, I remember seeing that in my mailbox... Yep, the guys who registered a "bitcoin" trademark in France to steal the bitcoin.fr domain. Hope now they know that no, it's not "legit" to register a trademark for the purpose of taking over a domain name.
    Pathetic.

    I had missed this.
    Is this serious, davout? You people from Paymium tried to take over the bitcoin.fr domain by registering a trademark?
    legendary
    Activity: 4760
    Merit: 1283
      Anyway, as usual, Paypal's site would not let me do what I wanted to do so I called.  The lady took my DOB and SSN over the phone and said that everything is now cool.



    and she entered it into the same DB you refused to put in in the first place. Only difference is you now comminucated it to some $7/hour slave. Yah, you're definitely better off now  Roll Eyes. Mtgox is cancer, paypal is slightly better but still shit. Do everything you can to p2p transfer.

    Good advice on the preference for p2p.  Person-2-Persons is what I prefer when it can be arranged, and that's probably the way I'll try to liquidate much of my Bitcoin, again if/when I choose to do so.

    The photo-ID thing is pretty weird and I don't like it.  Next it will be DNA samples I suspect.  That the US state department was instructing their personal to obtain DNA samples of foreign dignitaries is actually pretty interesting.  A risky move which I suspect would not be undertaken without significant expectation of a specific use for the data.

      http://www.wired.com/dangerroom/2010/11/u-s-chases-foreign-leaders-dna-wikileaks-shows/

    But back to Paypal, in spite of their spiel about the government is requiring blah, blah, blah, in the end they let me pass by speaking 13 numbers into a phone.  So it seems to me that Paypal, at least, is going above and beyond the minimum requirements on the part of the US government.  The extra data they are collecting must be of some value I guess, or maybe they are just being proactive.  One wonders exactly what the minimum requirements Mt. Gox needs to meet are and if they are gathering extra data as a target of opportunity.

    sr. member
    Activity: 252
    Merit: 250
      Anyway, as usual, Paypal's site would not let me do what I wanted to do so I called.  The lady took my DOB and SSN over the phone and said that everything is now cool.



    and she entered it into the same DB you refused to put in in the first place. Only difference is you now comminucated it to some $7/hour slave. Yah, you're definitely better off now  Roll Eyes. Mtgox is cancer, paypal is slightly better but still shit. Do everything you can to p2p transfer.
    legendary
    Activity: 4760
    Merit: 1283
    Paymium, I remember seeing that in my mailbox... Yep, the guys who registered a "bitcoin" trademark in France to steal the bitcoin.fr domain. Hope now they know that no, it's not "legit" to register a trademark for the purpose of taking over a domain name.
    Pathetic.

    As a person who trusts more funds with you through Instawallet than is normally my nature, I have a keen interest in how you handle the various affairs that you are involved in.  I was hoping for a more detailed response on this one.

    Separately, I'm sorry to see the Mt. Gox is fucking with you.  It's not crystal clear if 'not legit' is defined as something which Mt. Gox can use as an excuse to take your money or what, but I am interested on an academic level.  I had already planned on exploring alternates if/when I decide to cash out (of Bitcoin) in a significant way, but this goes some distance toward solidifying my plans.

    As a vague aside, I got my issues worked out with Paypal so I'm probably going to go back to using them as usual...the memory of what they did to Wikilieaks becoming dim and easier to palate...  Paypal wanted my SSN card, proof of residence, and a photo ID.  The latter is a no-go since I don't trust them not to sell it to the highest bidder (esp, the NSA) or have if ripped by hackers..and to trust Paypal's security engineering significantly more than Mt. Gox's.  Anyway, as usual, Paypal's site would not let me do what I wanted to do so I called.  The lady took my DOB and SSN over the phone and said that everything is now cool.

    legendary
    Activity: 1372
    Merit: 1008
    1davout
    Found the IRC message in the log, but could have been better by email.
    Will do next time.

    Anyway your account shows no trace of ever being verified.
    Oh sorry then, I guess my withdraw limits magically went to those of a verified account, see previous screenshot. Or your very own DB if you don't trust me.

    However when creating the new system is was not practical to manually go through all those emails and transfer the data to the secure storage.
    This must be some kind of joke. When I trade on your platform I don't find it practical to pay fees, can I skip that ?
    We all pay to use mtgox, in exchange we all expect some level of service, part of that would be that when you migrate a system, you migrate the data that goes with it even if it's "not practical".

    Because of AML requirements, we need an utility bill or any other proof of home address (having received a yubikey is not acceptable).
    Fine, I have no problem with that. Just don't lock down my account, give it unverified withdrawal limits if there are documents missing.

    Also should be noted that the old MtGox system did not track users' verification status, causing all verified status to vanish when the switch was done in June 2011. Users were invited to re-verify at that time. If you didn't, then it means your account was not verified, and as such can end needing to be verified if specific conditions are met.
    Again, my limits say otherwise, and I didn't get notified of anything related to having to submit additional documentation.

    Paymium, I remember seeing that in my mailbox... Yep, the guys who registered a "bitcoin" trademark in France to steal the bitcoin.fr domain. Hope now they know that no, it's not "legit" to register a trademark for the purpose of taking over a domain name.
    Pathetic.
    legendary
    Activity: 2128
    Merit: 1073
    Paymium, I remember seeing that in my mailbox... Yep, the guys who registered a "bitcoin" trademark in France to steal the bitcoin.fr domain. Hope now they know that no, it's not "legit" to register a trademark for the purpose of taking over a domain name.
    I'm just quoting the most interesting part to be able to find it faster in the future.
    hero member
    Activity: 630
    Merit: 500
    If multiples accounts access from the same IP, they can't know whether it's the same individual trying to trade more than the threshold, or if they're multiple individuals.
    If multiple accounts access from different IPs, they also can't know whether it's the same individual or not. So detecting account accesses from the same IP seems kind of pointless.

    Well, I guess it might be enough to say you've tried your best using all technology available. MtGox does try to ban anonymous proxies, for example. There's that casino which makes lots of effort in trying to forbid USA players, by blocking IPs of proxies too. But of course, both may eventually let something pass. Even the GFW of China has its holes.

    If such restrictions are enough to get MtGox labeled as "cooperative" by IRS/FBI/whatever, then they're good.
    full member
    Activity: 128
    Merit: 100
    I'm doin' fine on cloud 9

    It must be tough running a service that everyone wants a piece of. :-)

    -p
    vip
    Activity: 608
    Merit: 501
    -
    And apparently MT has too much on his plate to even acknowledge an IRC message.

    Found the IRC message in the log, but could have been better by email.

    Anyway your account shows no trace of ever being verified. This said if you "verified" using the very old method of sending docs by email to myself, it actually has no effect for two reasons:
    • We created the new process because sending documents by email is only secure if all relaying MX servers are trusted and support SSL, and because of the large volume of emails we received. However when creating the new system is was not practical to manually go through all those emails and transfer the data to the secure storage.
    • Because of AML requirements, we need an utility bill or any other proof of home address (having received a yubikey is not acceptable).
    .
    Also should be noted that the old MtGox system did not track users' verification status, causing all verified status to vanish when the switch was done in June 2011. Users were invited to re-verify at that time. If you didn't, then it means your account was not verified, and as such can end needing to be verified if specific conditions are met.

    It should also be noted that we are actually required to require AML data from all customers, but allow use of the service anyway as long as we don't see anything that could be suspicious (in case of fraud we end paying if we don't have any aml data). "Suspicious" is defined as anything that has been known to be done by hackers. This includes accessing multiple accounts, using proxies, etc...


    Also an extra note:
    So apparently it's because Paymium and I both have MtGox accounts, and we're connecting from the same IP (wow, surprise surprise)

    Paymium, I remember seeing that in my mailbox... Yep, the guys who registered a "bitcoin" trademark in France to steal the bitcoin.fr domain. Hope now they know that no, it's not "legit" to register a trademark for the purpose of taking over a domain name.
    full member
    Activity: 128
    Merit: 100
    I'm doin' fine on cloud 9

    09:38 < phungus> damn, fail... https://bitcointalksearch.org/topic/beware-mtgox-arbitrarily-freezing-verified-accounts-105638
    09:38 < Title> [ Beware, MtGox arbitrarily freezing verified accounts ]
    09:39 <@MagicalTux> phungus: just checked, his account is not verified, and was never verified


    Davout, looks like they don't think you are verified.

    -p
    legendary
    Activity: 1372
    Merit: 1008
    1davout
    Last response from the support :
    Quote
    Gene, Sep 04 17:57 (JST):
    Hello David,

    We did check and your account requires verification and we are sorry that we will not be able to proceed without the verification as per our policy.We request you to submit the documents for verification so we can have the account verified by our AML team.Thank you for your cooperation and patience in the process.

    Thanks,

    MtGox.com Team

    My answer :
     - My account is verified
     - You have a copy of my passport
     - You sent a Yubikey to my home address
     - My account didn't go to an "Unverified" state, it went to "Fully locked". Right now I can not withdraw even a single bitcent.

    If you want to somehow unverify my account because the documenation I submitted isn't enough anymore then fine, but take me to "Unverified", not "Locked down".

    Additionnaly if there are additional verification requirements since September 2011 you should have notified me in advance, let me decide whether I wanted to comply or take my business elsewhere. But CERTAINLY NOT freeze my account and lock my funds without any kind of police report or accountability.

    I do not think it is bad to have stringent AML requirements, it's even necessary. But the way they are implemented in my particular case is not acceptable. I refuse to see my money frozen arbitrarily and instantly.

    The minute my account becomes unlocked I will repost my documentation because I'm willing to comply with the AML requirements. What I do not accept is the "locked funds" way of bullying people.

    See my withdrawal limits to check that my account was indeed verified :

    legendary
    Activity: 1596
    Merit: 1012
    Democracy is vulnerable to a 51% attack.
    If multiples accounts access from the same IP, they can't know whether it's the same individual trying to trade more than the threshold, or if they're multiple individuals.
    If multiple accounts access from different IPs, they also can't know whether it's the same individual or not. So detecting account accesses from the same IP seems kind of pointless.

    Quote
    They could, though, sum the amounts transfered by all unverified accounts using the same IP and only block them when the total unverified amount passes the threshold. Verified accounts, as davout's, should not be frozen because an unverified account used the same IP.
    I still think this is pretty boneheaded, but not as boneheaded as what they actually do. There are still many small ISPs whose clients *all* share a single public IP.
    sr. member
    Activity: 476
    Merit: 250
    Still getting the third party thing down...
    hero member
    Activity: 630
    Merit: 500
    It's funny how often the expression "for your own security" is used as a justification for actually screwing you somehow. Even MtGox guys can't avoid using the rhetoric. (nothing personal, MtGox folks... but you could be more direct and frank about stuff, people here would understand Wink)
    hero member
    Activity: 630
    Merit: 500
    I can see very little justification for keeping this 'security feature'. If somebody was hacking accounts ...

    This has nothing to do with security.
    They have to be sure a given individual does not trade more than a small threshold, in order to catch tax evaders. It's not there to protect you or to catch actual criminals.
    If multiples accounts access from the same IP, they can't know whether it's the same individual trying to trade more than the threshold, or if they're multiple individuals.

    They could, though, sum the amounts transfered by all unverified accounts using the same IP and only block them when the total unverified amount passes the threshold. Verified accounts, as davout's, should not be frozen because an unverified account used the same IP.
    full member
    Activity: 182
    Merit: 100
    Is this for the security of users? Or is it required by any regulations (directly or indirectly)?

    If neither is true, Mtgox should consider removing this feature. Just my opinion  Lips sealed
    sr. member
    Activity: 412
    Merit: 250
    I suspect the only reason that this 'security feature' is even remotely practical at the moment is the sheer isolation of most bitcoin users.

    Many offices/households share an IP and quite a few even share a particular machine for browsing.
    I can see this being a major pain when I  get colleagues/families more interested in this thing.


    +1
    I can see very little justification for keeping this 'security feature'. If somebody was hacking accounts I doubt they would do it from one IP anyway. Unless the real reason for this feature is to prevent users from setting up multiple accounts?
    Pages:
    Jump to: