|
Title: null Post by: theboss on October 01, 2012, 04:27:49 PM null
Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: ArticMine on October 01, 2012, 06:53:23 PM I do no know about MtGox but there are some questions I would ask a lawyer about Apple here if I wished to pursue legal action. I suspect your are not the first person who was locked out of funds or suffered damages because of Apple deleting competitive apps.
1) Were you warned at the Apple store that you would loose your data with the phone change? 2) Did they transfer your data but failed to transfer the data regarding the Google app? Keep in mind that Google is a competitor of Apple here so that may be used against Apple. Was there negligence on the part of Apple here? 3) The Apple EULA may not offer Apple full protection here if there are consumer protection laws that conflict with it. Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: jamesg on October 01, 2012, 07:04:47 PM A good piece of advice for anyone who uses mtgox is to setup multiple OTP/Yubi keys. Mtgox now offers this, use it.
I personally have a yubi key as a backup and google authenticator setup for my mtgox account. Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: casascius on October 01, 2012, 07:07:30 PM Here is a piece of good advice I've heard as well: print your Google Authenticator QR code so you can always reload it later. This goes for anywhere, not just Gox.
Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: ArticMine on October 01, 2012, 07:18:01 PM I do no know about MtGox but there are some questions I would ask a lawyer about Apple here if I wished to pursue legal action. I suspect your are not the first person who was locked out of funds or suffered damages because of Apple deleting competitive apps. 1) Were you warned at the Apple store that you would loose your data with the phone change? 2) Did they transfer your data but failed to transfer the data regarding the Google app? Keep in mind that Google is a competitor of Apple here so that may be used against Apple. Was there negligence on the part of Apple here? 3) The Apple EULA may not offer Apple full protection here if there are consumer protection laws that conflict with it. ... I restored from my iCloud backup but that only brought over the Google Auth app not that actual keys that were previously in the app. ... So it basically only restores the app and not data associated with the app. What kind of backup is that? I do not use Apple products and have a very low regard for Apple but backing up the app (who cares i can reinstall that) and not the data (that would actually be useful) sounds like a major fail on the part of Apple. Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: casascius on October 01, 2012, 07:41:25 PM So it basically only restores the app and not data associated with the app. What kind of backup is that? I do not use Apple products and have a very low regard for Apple but backing up the app (who cares i can reinstall that) and not the data (that would actually be useful) sounds like a major fail on the part of Apple. Apple normally does an EXCELLENT job of restoring your data. Case in point: open the calculator on a Mac, type in a number, shut down the Mac, and then migrate your user profile to the new Mac. The same number will be showing on the calculator when you boot it up. Generally, whenever you do an Apple restore, all the passwords, certificates, any authentication tokens will be missing. Apple DELIBERATELY avoids putting passwords in backups, as well as anything saved with the same storage class as passwords. Google Authenticator records very likely fall into this class - the actual storage classification would be under the control of the Google app. This is a GOOD security practice. Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: ArticMine on October 01, 2012, 10:54:15 PM So it basically only restores the app and not data associated with the app. What kind of backup is that? I do not use Apple products and have a very low regard for Apple but backing up the app (who cares i can reinstall that) and not the data (that would actually be useful) sounds like a major fail on the part of Apple. Apple normally does an EXCELLENT job of restoring your data. Case in point: open the calculator on a Mac, type in a number, shut down the Mac, and then migrate your user profile to the new Mac. The same number will be showing on the calculator when you boot it up. Generally, whenever you do an Apple restore, all the passwords, certificates, any authentication tokens will be missing. Apple DELIBERATELY avoids putting passwords in backups, as well as anything saved with the same storage class as passwords. Google Authenticator records very likely fall into this class - the actual storage classification would be under the control of the Google app. This is a GOOD security practice. So if we were to apply the Apple security policy to bitcoin one backs up all the files in .bitcoin EXCEPT for wallet.dat! No. A good security practice is to 1) Tell the user what on earth is going on and TRUST the user. 2) Provide the user with the option to ENCRYPT and back up sensitive data such as passwords and authentication tokens, with a password known only to the user and with software and encryption algorithms that are Free Software / Open Source so that they can be independently verified. 3) Not go out of your way to frustrate a user by requiring propriety software running on a propriety OS (iTunes) on either Microsoft Windows or Mac OS X in order back up files from your mobile device onto a computer. On Android I can easily back up files and ENCRYPT on a computer running the OS of my choice by simply connecting my device over a USB port with no need for special propriety software. The minute one creates a closed ecosystem where Apple knows best and the user is not to be trusted, as is the case with IOS, then it becomes perfectly appropriate to blame Apple when something goes wrong. Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: squid on October 02, 2012, 03:58:05 AM Regarding google authenticator, I think it is the same regardless of platform (apple or android) as I have an issue when rooting my android phone and will doing a full back up, but when I restored the app was there but none of the data..
So it may be more of a google authenticator security thing rather than an apple issue. Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: Ryland R. Taylor-Almanza on October 02, 2012, 04:12:38 AM As much as I'd love to join in on the apple debate, I think I'm going to use this post to say that we should actually help theboss with his MTGox problem. theboss is out $5,000 because MTGox won't take the time to look at his ID. He probably isn't too interested in our opinions of apple right now. :)
Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: Stephen Gornick on October 02, 2012, 09:21:26 AM have my OTP unlinked by MtGox if I supply verification Was the account already a verified? (Level 1)? Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: The_Duke on October 02, 2012, 09:25:37 AM Maybe The Bitcoin Foundation can make it part of their organisation certification process to include rules/guidelines of granting/denying/verifying access to accounts and online wallets. Then you could use that to "force" MtGox to give you access to what is rightfully yours.
Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: Kupsi on October 02, 2012, 10:10:23 AM So if we were to apply the Apple security policy to bitcoin one backs up all the files in .bitcoin EXCEPT for wallet.dat! wallet.dat is a file protected/encrypted by a password. It's not a stored password in the device.Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: Atlas on October 02, 2012, 11:20:48 AM Maybe The Bitcoin Foundation can make it part of their organisation certification process to include rules/guidelines of granting/denying/verifying access to accounts and online wallets. Then you could use that to "force" MtGox to give you access to what is rightfully yours. I see what you did there. Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: The_Duke on October 02, 2012, 12:08:32 PM Maybe The Bitcoin Foundation can make it part of their organisation certification process to include rules/guidelines of granting/denying/verifying access to accounts and online wallets. Then you could use that to "force" MtGox to give you access to what is rightfully yours. I see what you did there. ;) Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: squid on October 02, 2012, 01:55:37 PM What you tried contacting them through irc on freenode? You may get better customer service that way.
Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: ArticMine on October 02, 2012, 03:03:38 PM A good piece of advice for anyone who uses mtgox is to setup multiple OTP/Yubi keys. Mtgox now offers this, use it. I personally have a yubi key as a backup and google authenticator setup for my mtgox account. This may be a solution. Have you tired asking MtGox for a yubi key to be added to the account thereby effectively avoiding the whole Apple/Google mess? Title: Re: Can MtGox legally deny me access to my account if I forgot/lost my OTP? Post by: jborkl on October 02, 2012, 09:14:10 PM A good piece of advice for anyone who uses mtgox is to setup multiple OTP/Yubi keys. Mtgox now offers this, use it. I personally have a yubi key as a backup and google authenticator setup for my mtgox account. excellent advice, thank you |