Adafruit is currently requiring a verified account with two-factor authentication enabled in order to purchase certain high-demand products, such as Raspberry Pi computers, due to a large number of bot-purchasers making it difficult for Makers and Engineers to order these products.
Why is Adafruit doing this? Why doesn't Adafruit allow these bots to buy up stock and set a market price that matches supply / demand?
Right now there's a serious silicon/chip shortage which is making it hard to keep some boards like the Raspberry Pi stocked. There's also a lot of people who want to use RasPi's for their products and projects!
Since Adafruit is a member of the hacker/maker/engineering community, we want to make sure that folks who are learning and creating with electronics have a chance to pick up a Raspberry Pi.
We set a limit of '1 per customer' but found that there were automated or semi-automated purchasers who would repeatedly order multiple boards for resale on auction sites. We think there are enough RasPi's for most people who want one, but they were having to compete with people who were not following the '1 per customer' rule and using automated tools to purchase large quantities before most folks had a chance to check out.
What does Raspberry Pi Foundation think about what Adafruit is doing?
They are really supportive of our efforts to get Pi's to the students, makers, and engineers!
In an interview with ZDNet, Eben Upton (co-founder of Raspberry Pi) said:
Any time a product is in short supply you're going to see bots trying to grab stock to resell at a margin: graphic cards are the classic recent example of this. This is parasitic behaviour, and it's great to see people like Adafruit taking measures to stop it
You can tell its really Eben because he spells behavior with a u ;)
How effective is this? This seems like it won't work and can be easily bypassed.
It's actually working out pretty well! In addition to 2FA & account verification requirements, we have added several updates to our checkout process to either outright prevent or significantly mitigate automated repeat purchases of high-demand products such as Raspberry Pi 4's.
Our support team has introduced additional human-lead reviews and audits of flagged orders containing these products.
Prior to these efforts, we were seeing Raspberry Pi sell-through rates of several hundred per minute. Currently, we are selling about 12 Raspberry Pi 4s per minute when restocked.
1-per-checkout limits, 2FA, and verified accounts are all part of a multi-pronged system that we use to make purchasing Pi's fairer.
Why is Adafruit gradually releasing stock? Why not release them all at once?
We currently have a very limited supply of Raspberry Pi 4s that we are gradually releasing in batches of 300. We have chosen this approach for several reasons:
- To avoid additional strain on our staff when reviewing and shipping these orders,
- To give customers multiple weekly opportunities to purchase a Raspberry Pi 4,
- To allow us to observe new & evolving bot behaviors and adjust our approach based on what we observe.
Why does it seem like Adafruit is releasing 1 or 2 units at a time sometimes?
Our support team returns items to stock when reviewing fraudulent or automated orders. This means individual units are automatically returned to stock and made available to purchase from time to time.
I signed up to be notified by email when Raspberry Pi 4s go back in stock. Why am I not being notified?
We send "back in stock notifications" in a first come, first served order and use the number of units of available stock as the limiting factor when deciding how many emails to send. For a popular product such as Raspberry Pi 4s, this means for every 300 units we put into stock we notify between 300 - 600 customers based on the order they signed up to be notified.
If you missed out on a notification - please sign up again, we do notify everyone and we do our best to notify a reasonable number of people!
Why is Adafruit requiring app-based 2FA and not allowing SMS?
SMS-based 2FA is relatively easy to spoof and difficult to support internationally. Using app or computer-based TOTP 2FA is free, available on every platform, and is reliable and secure.
I think you could totally fix this problem by doing XYZ... why dont you 'just' do what I came up with?
I bet you do! The developer and customer support team members at Adafruit have been discussing all sorts of techniques from SteamDeck-like reservations, to backorders, to passworded checkout (we did this with the x0xb0x, our first product!), to customized tokens in notification emails...
Like all engineering problems, there's trade-offs to each 'fix' - each one of the options above have implementation and usage downsides (even if they may not be obvious to casual observers) because of the way the Adafruit stock, checkout, support and shipping workflow happens.
Right now, the 2FA + verified email + human oversight technique is working out pretty well! We will adjust and refine the process as we continue to stock and sell Raspberry Pi's.