FreedomBox Shipping Data Extortion Racket

I recently had someone order on my behalf the Pioneer, via the link to Olimex. Everything seemed to go well until the next day, when said person received an e-mail claiming that the shipping company requires a full given name instead of an initial. I had them write back, decrying the discrimination against single-letter names, and saying that if such wasn’t acceptable, to refund the purchase.

The following day, the purchaser received a notice via e-mail that the order had been cancelled due to said purchaser supposedly having refused to provide shipping data. The order had come to $106.85, but was refunded as only $101.63. It should have been an order cancellation, not some sort of weird reverse-purchase involving exchange rates. (If there’s a different explanation, I’m open to hear it.)

During neither my research of the FreedomBox nor the ordering process was there any mention of this catch. Moreover, for an organization that purports to value user privacy, I’m surprised that FreedomBox would partner with companies that engage in extortion of data from its customers.

Though I’d still like to get ahold of a Pioneer, I find this incident has somewhat undermined my faith in the honesty of those behind the product.

I don’t work for either organization, but I would say they need a real legal name to ship to (1) and also for your country’s tax authority; International orders require full legal names to process the export & import paperwork & also for any related charges.

I’m not sure I understand the discrimination angle, your full legal name on your passport/drivers license is something like just: “A”?

When you purchase products from another country, in a foreign currency, there is always an exchange rate and fee for the transaction, which you agree to upon purchase; every website has clearly posted terms and conditions of ordering.

Once you click the buy button, the process has started and fees are charged, if you cancelled the order how/why would you not be responsible for those fees?

I don’t think the $5.22/4.83 EUR even covered the time to deal with your order cancellation.

Note:

  1. It helps to protect against fraud and at least in my country, you need to sign for the package and provide a valid form of government issued identification to prove the package is yours.
1 Like

I think @DachaLife is probably correct that legal requirements may require full name. I’m not sure from the original post wording if the full name was one letter or if the initial letter was just all provided.

Especially if the package is international. All sorts of rules can come into play.

As far as the difference in the refund vs charge, sometimes orders are charged on shipping and sometimes immediately. But if they accepted money at the moment of ordering and there was a currency exchange, then these might be the fees associated thereto. Not sure what the charge rate is (especially if its charged, then returned and thus effectively changed twice).

1 Like

I wrote “full given name instead of an initial”, to differentiate from the surname requirement. For example, who is the shipping company to say that “I Claudius” isn’t a real name? If generic mailings can be sent to “Current Resident” at a given an address, there’s no reason for them to offer this slap in the face by refusing to ship to what they assume is an initial – or even a complete pseudonym, for that matter. How many people with eccentric legal names can’t receive packages because of this idiotic prejudice?

As for the fees, in every other online transaction I’ve seen, the charge wasn’t made until the package was shipped. (I’ve been told by online retailers that such is a legal requirement, even.) In the case of varying exchange rates, it still makes no sense, because I’ve seen numerous online purchase situations where rates were effectively frozen at the moment of purchase. If there are multiple methods for a retailer to choose from, then this is definitely something the FreedomBox supply chain should consider.

Do you have any suggestions on how else I might obtain a Pioneer, whilst being sure of its security?

For example, who is the shipping company to say that “I Claudius” isn’t a real name?

Not that it doesn’t happen (see below) but I was thinking more legal requirements, not company rules.

Now granted it certainly would be highly unusual to have a single letter first name and their software may not even allow it on the presumption there are none. I write software and I make similar presumptions on interfaces as to the shape and form of data being input.

If generic mailings can be sent to “Current Resident” at a given an address, there’s no reason for them to offer this slap in the face by refusing to ship to what they assume is an initial – or even a complete pseudonym, for that matter.

Wouldn’t be the first time large entities and individuals are under different rules.

Mass mailers tie back to a company who governments likely feel they can find and punish if they need to. But I’ve never seen these sorts of mailings crossing international boundaries so each country’s internal rules are their own.

That being said, I’ve shipped stuff within the US to people who I only knew them by their screen name. So I put that on the box and let 'er rip. No issues thus far. Who’s to say whether its a company name or person’s name or what and the USPS does not appear to care. Now, if you sent some no-no items, then they are going to care and may hit you with whatever law you might be breaking when you addressed a package w/ a screenname. (EDIT- If such a law exists)

How many people with eccentric legal names can’t receive packages because of this idiotic prejudice?

I wouldn’t know. Never studied the matter. But a quick search indicates that there are a number of laws that are in place, state-by-state, in the US for names that would nominally prevent the issue.

No hyphens/asterisks or accent marks or numerals for example. Some states ban non-English characters all together. Some states limit the combined characters of first and middle name; others limit the character count of the first and middle name individually.

Famous bad people are banned as names. There is even a comic about this topic; you might can name your child DROP ALL TABLES and have your laughs about preventing SQL injection in your state of residence.

Some states, like California, allow initialisms (the name for single-letter names apparently) for the first name. Most I think allow it for the middle name. Federal systems likely will hiccup on it and you’ll have to go through special processes.

Now, if you think this is rough, apparently Iceland, Denmark, and Portugal have lists you must pick from. In Iceland and Denmark, parents must obtain written approval if the desired name is not on the list. In Portugal, the name has to match the gender of the child and most common English names are considered too foreign and are rejected.

In so far as Companies, they may not accept single letter names, regardless of whether the name is legal or not. I see one company, Priceline, who someone asserts will not let him buy plane tickets through them due to having an initialism. I have no idea if this practice is legal and, again, it may matter by state. California might allow such names but X company operates in Utah where its not lawful to supply an initialism where legal names are required by the state and initialisms are not allowed.

Price of being eccentric. Ergo some nations like Sweden consider it unlawful to give a child a name which causes discomfort. A name that would cause issues for them using services under their legal name and make all such interactions burdensome would likely fall under this rule.

As for the fees, in every other online transaction I’ve seen, the charge wasn’t made until the package was shipped. (I’ve been told by online retailers that such is a legal requirement, even.)

It may be a legal requirement where those retailers are located. In the US, state law is usually the predominant governing force for businesses and I would imagine this sort of rule would be found therein.

It may even be a matter of interpretation of older laws regarding “rendering payment at time of sale” and when the state considers the “sale” to have occurred (and thus when a whole host of other laws may also come into play regarding seller and buyer responsibilities).

Remember that for nearly 100 years, mail-order sales from catalogs were the only form of remote ordering. Obviously, it is impossible to render payment at time of shipping in any sort of timely manner (letter to you informing you product is ready for shipping, letter w/ money sent back). Ergo laws on POD (pay on delivery), deposits, et al. Thus, in the last 30 years, some states may have updated their law as they saw problems/needs/votes-to-earn and other states have not.

In the case of varying exchange rates, it still makes no sense, because I’ve seen numerous online purchase situations where rates were effectively frozen at the moment of purchase.

While I have dealt with international ordering many times, I honestly cannot say what the law or even normal process in this instance would be. I used credit card and, if this or any other sort of situation arose, I would have challenged the charge. It never happened to me so I never had to explore this issue in depth.

Do you have any suggestions on how else I might obtain a Pioneer, whilst being sure of its security?

The Pioneer explicitly? No. But perhaps this is a learning opportunity?

I built my freedombox off a fresh Debian install on a virtual machine in one of my servers. VM makes for a very easy way of backing up, testing, and breaking FB without data loss or painful headaches of trying to fix it (and I have broke the crap out of it - Matrix Federation Issue and Cloudflare)

VM’s can be run on a hypervisor or from inside most modern desktop OSs using VirtualBox, QEMU, Hyper-V, etc.

Or, if you have an old computer and don’t want to fool with virtualization, then wipe and install a compatible base OS of choice on said old device and go from there. Any 64bit desktop in the last decade is likely to meet/exceed a Pi4 for performance in a headless configuration.

Sometimes, old machines are getting tossed out. In exchange for providing the organization with positive destruction of their data and showing them good hardware hygiene prior to disposal, you could get a free computer. Churches, small non-profits, schools, etc are often guilty of this sort of practice and can use our knowledge and assistance for the betterment of society.

Finally, you could acquire another SBC (Single Board Computer) of similar price and build your FB thereon.

As far as being sure of its security, that depends on your threat model. I’m not going to bother with nation-state actors and para-national entities. If your threat is from them, then I’m likely the enemy feeding you bad data.

Obviously, if you have an old machine or get one for free from at random, the chances are not low that someone has accidentally infected the OS with your standard malicious internet STD. Your wipe of the disk with ones and zeros should take care of that. A factory new SBC with some sort of onboard flash storage should be clean; others work like the Pi and use a MicroSD for the OS/storage.

Chances are very low BIOS was compromised. But any large production machine or gaming board, firmware is likely available to restore original firmware and BIOS. Most resilience measures work at hiding files from the OS (ie rootkit) or loading them on a partition a factory wipe wouldn’t touch (ie, the factory reserve partition itself). Since we’d be blasting the entire drive, top to bottom, with a DoD-style wipe and loading a compatible OS from a USB or disk made on another machine, this should not be a problem either.

The documentation for the build-yourself process was good and the forums here contain more than a few of us who have built ground up so you are not alone in the woods there.

2 Likes

That’s a lot of good information you’ve posted, but illustrating how much more dreadfully perverse the laws of other countries are does sort of make it sound like your argument is that people of the United States should be content in having just slightly less tyranny than those.

As for building my own FreedomBox, this is something I wouldn’t like to risk bungling.

Thanks for the input, all, but I’m just not one who is satisfied with keeping his head down and accepting whatever’s thrown at him, simply to gain the ability to quietly chip away at the system. I don’t expect FreedomBox to embrace this no-holds-barred view on liberty, but I would encourage the community to look into alternatives for purchase and shipping, even if that requires forming or utilizing gray or black markets.