my MTGOX accoun frozen, can not withdraw, I have yubikey.

[Mt.Gox Support]

Dear Sergio.

I cannot comment on how you raised an AML Flag, since it will also help other people to by pass some of our security features and will put everyone here at risk. But after that I personally check this matter with my colleagues and the person who's in charge of your account, that something unusual has been indeed made and trigger an AML request and this regardless of you having a Yubikey.

Just re-submit the document (not on a Zip file), like everybody-else and we will take care of this.

Thank you

[1713568645]

1713568645

[sergio]

By not telling me how I raised the AML flag I could raise it again not knowingly, and I would have to go though all this trouble again.

Any good security expert will tell you that security by obscurity is not good and it does not work, all the good security protocols are based on openness IDEA, RSA, blowfish, TRIPLE DES, etc, many closed source programs they use security protocols such as rot13, substitution cipher, vigenere  cipher of course the close source programs will not say what cipher they are using, but any good security expert can find out and break the code.

So by not saying what raises the AML flag you do a disservice to your customers, since it can be trigger again by doing whatever they were doing, otherwise they would try to avoid raising the flag.

Security has to be based on openness like pgp, gpg, truecrypt, etc, it does not work by secrets such as a back door that sooner than later someone finds out.

Whenever some company keeps secrets in the name of security, that tells me right away they have absolutely no understanding  of security.

If it is an mtgox policy to keep it secret, on what triggered the flag you could simply say "it is our policy", but do not say it is because of security because that does not make sense.
At this point you have not told me it is an mtgox policy, only that you feel it is a security risk, and I feel it is a problem for us customers to trigger that flag and not know why.

But at least you seem to have answered one question indirectly, and it was mtgox who put that flag, not any government or authority, at least I got a little bit of information from you.

Base on my experience Bank security is not based on what a cryptographer would call security, what rather on norms based on sociological behavior, I remember a guy a while back that was arrested and accused on being a hacker simply because his choice of browser was lynks, I can only speculate why a red flag was put on my account, most people use windows and internet explorer, I most of the time use linux  and different browsers like iceweasel, firefox, opera, etc that alone puts me out of the norm, and sometimes I use a VPN that makes me very special, so using iceweasel and a VPN could make one a tarjet for this flag,  using the account from a different country is something out of the norm so that could also raise a flag, but this is all nonsense since if someone was trying to avoid the flag they could easily use windows 7 internet explorer, and avoid being out of the country, and if they are out of the country route the connection over ssh though a server that is located in the same country of residence.
As you can see security by obscurity does not work.
Think of it this way, by using bitcoin alone I am out of the norm.

If I trigger the AML flag because my browser choice or OS choice, and you do not tell me I will continue to trigger that flag, I would rather know and that way I will know what I am allowed to do or what I am not allowed to do.

I have absolutely no respect to security by obscurity, it does not work, and it is always used as an excuse to hide information.

As far as the files, I will send you the naked jpeg  files, and hope that you can expedite, this it has been a while, with very poor communication from mtgox.

And as far as triggering the AML flag, unless you have a policy not to tell me and there is some law that prevents you to tell me this information, I would really like to know, it is my right as a customer, if you do have such a policy I would like you to make it clear that it is the case, otherwise tell me.

[BTC guy]

MTgox froze my account too. My money has been tied up for 2 months. I provided 2 forms of photo ID and they still will not allow me to withdraw. I am not happy.

-1 rep

[bitflower]

If you are having difficulty getting verified, please feel free to contact our Support by opening a ticket. We would gladly assist you and hope to resolve this issue quickly.

[sergio]

I am having an extremely difficult time getting verified:

The 2 documents in jpegs not in a zip file have been rejected because there are not in the official mtgox list of approve documents.

The 2 documents I have submitted are official documents issued by the government with picture, one is proof of passport request, and the other one is a photo id request (Cedula).

It seems that a photo ID document is required but the actual photo ID document is not accepted, which makes no sense, under Chilean law a photo ID document called (carnet or cedula) is a valid form of ID, but you request passport, driver license, and permanent recidence, but Photo ID is not listed under photo ID that is really wrong.

You have to know that not in all countries a driver license is the photo ID, in Chile a driver license is a driver license, not a photo id, for photo id, there is another document called photo id, which is the official document for identification, I am sure that is the case in many countries, so why ignore the official photo ID issued by governments.

In 3 to 4 weeks I will be getting the final version of the documents, but for now these temporary government issued documents should be sufficient, but it looks like the photo id document will not be accepted because it is not listed under photo id, which is wrong.

My only phone bills are voip, which is not accepted by mtgox based on the email I got.

Getting verified really sucks, basically they are telling how I have to live, to meet their requirements, not even the banks do this, due to the lack of money I have eliminated all bills, and mtgox wants to see bills.

Mtgox, bills cost money, I have no money therefore no bills, my mexican phone is a voip number that I am losing due to a problem with my provider and the Telmex beyond my control, my usa number is voip, and I have no other bills and I am very happy not having bills, that is something I am not planing on changing.

[FreeMoney]

Dear Sergio.

I cannot comment on how you raised an AML Flag, since it will also help other people to by pass some of our security features and will put everyone here at risk. But after that I personally check this matter with my colleagues and the person who's in charge of your account, that something unusual has been indeed made and trigger an AML request and this regardless of you having a Yubikey.

Just re-submit the document (not on a Zip file), like everybody-else and we will take care of this.

Thank you

Hypothetically, if someone was able to bypass your security features how would this affect me?

[Mt.Gox Support]

Dear Sergio.

I cannot comment on how you raised an AML Flag, since it will also help other people to by pass some of our security features and will put everyone here at risk. But after that I personally check this matter with my colleagues and the person who's in charge of your account, that something unusual has been indeed made and trigger an AML request and this regardless of you having a Yubikey.

Just re-submit the document (not on a Zip file), like everybody-else and we will take care of this.

Thank you

Hypothetically, if someone was able to bypass your security features how would this affect me?

What I was trying to say was : If we explain in clear how people are flagged for AML, it will give the opportunity for "bad" people to make sure that their behavior and documents match what we are expecting diffiting the whole AML (Anti Money Laundering) system, resulting ultimately by having more banks or authorities checking what we are doing and evaluating the risk.

[Mt.Gox Support]

I am having an extremely difficult time getting verified:

The 2 documents in jpegs not in a zip file have been rejected because there are not in the official mtgox list of approve documents.

The 2 documents I have submitted are official documents issued by the government with picture, one is proof of passport request, and the other one is a photo id request (Cedula).

It seems that a photo ID document is required but the actual photo ID document is not accepted, which makes no sense, under Chilean law a photo ID document called (carnet or cedula) is a valid form of ID, but you request passport, driver license, and permanent recidence, but Photo ID is not listed under photo ID that is really wrong.

You have to know that not in all countries a driver license is the photo ID, in Chile a driver license is a driver license, not a photo id, for photo id, there is another document called photo id, which is the official document for identification, I am sure that is the case in many countries, so why ignore the official photo ID issued by governments.

In 3 to 4 weeks I will be getting the final version of the documents, but for now these temporary government issued documents should be sufficient, but it looks like the photo id document will not be accepted because it is not listed under photo id, which is wrong.

My only phone bills are voip, which is not accepted by mtgox based on the email I got.

Getting verified really sucks, basically they are telling how I have to live, to meet their requirements, not even the banks do this, due to the lack of money I have eliminated all bills, and mtgox wants to see bills.

Mtgox, bills cost money, I have no money therefore no bills, my mexican phone is a voip number that I am losing due to a problem with my provider and the Telmex beyond my control, my usa number is voip, and I have no other bills and I am very happy not having bills, that is something I am not planing on changing.

I saw the document you sent, and while we appreciate the effort they are NOT what we are asking you to submit. Please understand that if you cannot send us the document we need to verify you as a person it will be impossible for us to do our work and un-flag your account. You have to understand that we need to restrict the number of document we accept and Photo ID could mean literally anything ranging from a gym club card to library card, these could be "legal" in some countries but no viable in the financial world.

Please kindly submit your document when you have them.

[sergio]

There is an official photo ID that is given by the  government in many countries like in Chile it is the official ID, how can a document that is created by the government with the only purpose of being an ID, not be accepted as an ID is beyond me.

You require photo ID and passport and that is precisely what I did when I went to the Chilean consulate, and the documents that I provided you are official proof that those documents have been requested.

Now those documents take 4 weeks to get delivered, do you expect me to have too wait those 4 weeks and not honor the temporary documents.

Your example of a gym ID does not apply since we are talking about official government documents, it would be nice that the governments had gyms for us, but in our lifetime that most likely will never be a reality.

As far as the items on number 2, I do not have those bills, and I do not plan to engage in expenses with the only purpose of complying with, furthermore I could not engage in any more expenses since you have my money, I have bills but are not listed under item number 2.

And I am pretty sure you will not accept documents which are expired.

So that leaves me with birth certificate not on the list, and the other 2 documents are being proceed by the Chilean government, and I already provided official proof of that.

And in regard to the AML flag, you are being clear, is it MTGOX written policy or it is not MTGOX written policy not to tell customers why the AML flag is triggered.

What you are basically telling me is that the security model of MTgox is based on security by obscurity, and if you ask any cryptographer or security expert, they will tell you "no", that security by obscurity does not work, it is not only my opinion, but of any professional in the security industry.
Security is supposed to be based on solid algorithms, and not by hiding some fact, otherwise it is a time bomb, someone discovers the fact that it is being hidden and the whole security model collapses.

If you think using a non traditional browser or a special network like a vpn is a reason to trigger the AML flag, I can tell you that AML flag is broken, and it is easy to bypass just proxy the internet connection through ssh, though a "friendly network", and use a friendly OS, and browser such as "explorer and windows 7".
Based on my experience with banks, that is what is most likely triggering the flag, but you rather keep it secret, and put in jeopardy all your customers of having a frozen account. Some guy triggered a flag at a bank just by using lynks.

I am sure tor would also trigger that flag.
Being a tourist in different countries could more than likely trigger that flag, or worse yet being in certain countries.

The reason I ask is that I do not like to trigger the AML flag, and if you tell me I can avoid triggering it in future.

For those of you that believe in security by obscurity, you should read lists like bugtraq, in which many companies instead of protecting their products with sound security they use lawyers as their security team to cover for the security holes, but it is well known that does not work well as far as security is concerned.

Well my money is at stake here, even if I wait the 4 weeks, you will not recognize my photo ID given by the Chilean government as an ID because is not on your list of valid photo ID, anyone with common sense will accept a photo id if a photo id is requested, so that only leaves me with a passport of valid for of ID.

What do you suggest?, I have done everything that MTgox has required with no success.

[sergio]

Something I forgot to mention, in regard to the comment that a photo id is not accepted in the financial world, but is not true and false.

In Chile a government issued photo id is a valid form of ID at any Bank, a driver license it is not, since it is a proof that you are allowed to drive and nothing else, and it is not a form of ID, I never had problems with the official photo ID at any bank in Chile, to name a few, Banco del Estado, Banco de Santiago, Banco de Credito e Inversiones, etc.
If the Banks accept it, MTGOX should also accept it.

In the USA the driver license it is an ID, but not in other countries.

And it is a lot better to have the driver license and ID separate documents, because they each have a clear purpose.

Problems I have with the verification process at MTGOX, banks have no problems accepting photo Id, but it is a problem at MTGOX.

You required photo ID, and passport, and that is precisely what I have requested at the consulate, no government will give you out a passport immediately, you get a temporary document, and that is the document that I have sent you, because that is what I got, and it is based on your request for passport and photo id, my photo id is a photo id, which you do not list under photo id, which it should be listed, if a banks accepts it, you should too.

Within 3 to 4 weeks I will have the official "goverment issued" not "gym issued" photo id valid at financial institutions, banks, and "financieras (small banks)" and the passport, but the temporary documents should be acceptable for the time being, after all that is what the temporary documents are for.

[doldgigger]

I just sent another support ticket to mtgox, telling them I just want my money released, I do not care if the account has to be closed at this point, there is no point is having an account with Magicaltux if he can no longer be trusted.
I also insisted that they tell me who put the red flag in my account and by what reason, question Mark has been avoiding and is not answering.

To me Mtgox is game over.

To bad Tradehill had to close business.

Any reliable exchange someone could recommend me.

Please forgive for not taking sides on this issue, sergio, but feel that I need to state the following on your thread. I'm about to invest more money and time in this Bitcoin thingy, and the last thing I want the business owners I approach is to see threads like this one. I'm in no way dissing Mt Gox, but do feel that this issue should not have gone on this long if what sergio is stating is true. By sergio expressing his fustrations on a public forum, it does not bode well for Bitcoin in general, and we all lose. I truly hope that this issue gets resolved quickly.

~Bruno~

I cannot agree with you on this one. Essentially, you are trying to pressure other bitcoin users to keep quiet about fishy business practises they encounter with bitcoin companies (in this case, MtGox). Now, while I would love to live in a world where I can say to my customers that bitcoin is zero-risk, the current situation is that someone adopting bitcoin is normally well aware that he is adopting a relatively new technology which is yet in the process of becoming mature. Still, it is a highly promising technology, so there is growth in the user base. But if you were successful in your attempts to shut down the open discussion about problems with certain companies, in the end bitcoin would become much more risky for new adopters because they would all risk to run into problems like those with MtGox without being warned.

If the people at MtGox are smart, they will learn from these incidents and create a new policy which allows more people to trust them. Yes, they are in a position where they can be approached by law enforcement when there is a problem, but it is still their own business decision how to handle these situations. I saw similar problems with internet access providers when governments started to approach them in order to get information about relations between IP addresses and the people behind the addresses. Some access providers were happy because they saw this as a great excuse to collect more data about their users than before. Yet others acted more diplomatically and only gave out the information for which they were clearly obligated to do so. And guess what? The latter made great business because people do care about privacy. Ideally, be it an internet access provider, a bitcoin exchange, or something else, a company in that position should act as a thin layer between customers and inquiries about customers. And more importantly, the rights of both sides should be honoured equally. There may be valid reasons for someone outside to ask for information about customers' identity or activity on a platform, maybe because there was some crime involved which needs to be prosecuted and where the customer may have some relation to. But crime accusations can also be wrong, and the customer should have the equally effective opportunity to file a lawsuit against someone who wrongly accused him of misbehaviour. Hopefully, MtGox will learn from what happened. But if not, it will not hurt the bitcoin community for long because other exchanges will do, and provide a better service.

It would hurt the bitcoin community much more if we lose bitcointalk.org as a platform where problems are freely discussed and where people have the opportunity to decide by themselves about which risks they are willing to take. Myself, I provide development services to companies doing BTC-USD-EUR day trading, so it is important for me to keep track of what happens on the exchange company market. I wouldn't like to see a bitcoin community where information about bitcoin exchange trustworthiness is kept secret.