In a move that is remarkably aggressive even by the standards of totalitarian regimes, Iran has announced that Gmail will be banned and that a government-run email service will take its place. The Wall Street Journal explains,

An Iranian official said the move was meant to boost local development of Internet technology and to build trust between people and the government.

I get it. People will trust the government more if they know the government is watching all their email and there is nothing they can do about it. Wait, no, I don’t get it. Could you explain that again?

I have gotten two unsolicited emails over the past year from Iran. One was from a Gmail address, enclosing a manuscript about teaching for me to read. When I responded that we all think about the people of Iran and their struggles, the unguarded reply was “That is why I chose green for the cover of my book.” I hope that did not get him into trouble. Another, from a Yahoo mail address, asked for my help in locating a relative. Apparently the person writing thought the relative had gone to Harvard. I could find no evidence of that but I did find the fellow’s Facebook page, for which my correspondent was very grateful

These experiences left me wondering how thorough the surveillance is, and today’s announcement leaves me wondering if people will put up with it being heightened.

I’ve now both listened to and read Secretary of State Hilary Clinton’s speech on Internet freedom. (That’s a link to the State Dept. home page, where it is still featured. I imagine it will move off shortly.)

It’s a good speech, I think. At least it was good enough to annoy the Chinese. A columnist for the People’s Daily snorted that Google had been reduced to an “ideological tool” of the US government and noted, correctly, that Google is losing the competition with the native Chinese search engine, Baidu. (Note: You can compare for yourself the search results returned by the US version of Google, the Chinese version of Google, and Baidu. But be aware that the link for Chinese Google takes you to servers inside the US, while the link for Baidu takes you, I think, to China. The result is that you may not see google.cn, the Chinese version, as the Chinese experience it. When I tried Googling “Falun Gong” inside China, I lost the Internet connection to my hotel room.)

The China Daily simply denies that Clinton is telling the truth. [A Foreign Ministry spokesman] “said the speech indicated China restricts internet freedom. ‘It is a far cry from the truth,’ he said.” And the People’s Daily accuses the US of hypocrisy. “It is common practice for countries, including the United States, to take necessary measures to administer the Internet according to their own laws and regulations. The Internet is also restricted in the United States when it comes to information concerning terrorism, porn, racial discrimination and other threats to society.” The paper goes on to cite Steve Ballmer as one of the good guys. “Noting that most countries exert some sort of control over information, Microsoft Chief Executive Steve Ballmer said Friday his company must comply with the laws and customs of any country where it does business.”

In fact, in her speech, Clinton, after stirring invocations of the US First Amendment and the Universal Declaration of Human Rights, conceded the point about Internet freedom having its limits. Here is the crucial paragraph:

Now, all societies recognize that free expression has its limits. We do not tolerate those who incite others to violence, such as the agents of al-Qaida who are, at this moment, using the internet to promote the mass murder of innocent people across the world. And hate speech that targets individuals on the basis of their race, religion, ethnicity, gender, or sexual orientation is reprehensible. It is an unfortunate fact that these issues are both growing challenges that the international community must confront together. And we must also grapple with the issue of anonymous speech. Those who use the internet to recruit terrorists or distribute stolen intellectual property cannot divorce their online actions from their real world identities. But these challenges must not become an excuse for governments to systematically violate the rights and privacy of those who use the internet for peaceful political purposes.

Now that passage contains a remarkable juxtaposition. A grand buildup.  A concession that there are limits to expressive freedom. A citation of the example of mass terrorism. OK, I’m listening. The next examples are the usual nondiscrimination categories, presented as hate-speech categories. Now I am getting worried; what counts as hate speech is so often in the ears of the listener. To be sure, it is easy to imagine a Tibetan rant about Chinese oppression that the Chinese could reasonably tag as ethnic hate speech. This is beginning to sound like a list of exceptions to freedom big enough to put almost anyone in shackles. Then there is the “issue” of anonymous speech. Secretary Clinton has nothing good to say about it, and then in a flat declaration puts Osama Bin Laden in the same box with millions of American teenagers—in the box of “those use the internet to recruit terrorists or distribute stolen intellectual property.” At this point I think the speech loses its operative edge. It leads inevitably to the conclusion that the speech control tools aren’t the problem—they are necessary in fact—only the way they are used.

So I finished the speech feeling good; it’s certainly better than a speech that emphasized cooperation at all costs, and that might have been expected. On the other hand it leaves me unconvinced that the administration actually has a consistent point of view on cyber-freedom.

One ironic footnote. The streaming video comes via a service called Brightcove. If you click on the “Information” icon on the video window while the speech is playing, you get Brightcove’s who-knew? privacy policy, which explains that “By using the Site, you agree to the terms and conditions of this Privacy Policy. If you do not agree to the terms and conditions of this Privacy Policy, please do not use the Site.” Much of the privacy policy does not apply to visits to the state.gov site, which requires no login and hence generates no personal information. But of course viewing the Internet Freedom video does send Brightcove your IP address, which Brightcove treats as “Non-Personal Information.” And, it says, “we reserve the right to share Non-Personal Information with affiliates and other third parties, for any purpose.” So Brightcove could, for example, sell Harvard University the information that I watched the Internet Freedom video via the wired jack in my Harvard office. Freedom does have its limits, but I might have hoped they fell a bit farther out than that.

The Associated Press reports a strange case in which a Facebook user logged into her account from her cell phone and wound up in someone else’s. Except it turns out that though strange, it is not unprecedented. A couple of people even wound up in each other’s accounts.

It’s a little hard to figure out what is going on, but it seems that the wrong cookie (code identifying the Facebook account) got installed on the user’s cell phone. According to the story, it’s AT&T’s fault, though it is hard to be sure since all the cases involve not just the same carrier but the same web service (Facebook) and the same Nokia phones. If, as reported, it’s a bug in AT&T’s cell-phone-to-Internet connection, it’s easy to imagine that a user might be taken to another’s Gmail account in the same way.

If the connection had been encrypted, that would probably have prevented the cookie bug from doing any harm. But Facebook does not use encrypted connections.

Which reminds me of something I should have mentioned earlier. In what was already a good week for Google on the privacy front, because of its announcement that it would stand up to the Chinese censors, Google announced in a much less publicized blog post that it was going to enable https by default for Gmail. That is, up to now, your Gmail has flowed to you in plaintext, available for sniffing and snooping anywhere in the Internet. There was always a way to change that default and have your Gmail encrypted, but it took a little digging to find the check box and few people bothered. The disadvantage to Google in making encrypted email the default is that the encryption takes time, so Google had to upgrade its systems, costing them money. Now they have decided to to exactly that, and once again, good for them!

Added a little later: The betting in the Slashdot comment thread is that it’s simpler than the AP story suggests. As one comment says,

My guess is that it’s as simple as this: the http returned by a request to “www.facebook.com” was cached by AT&T and delivered to other users who attempted to fetch that URL in an attempt to save bandwidth. The login credentials are irrelevant… once AT&T cached the page it thought of as “www.facebook.com” it would deliver it to anyone who asked for that URL. It probably only changed for the next person because someone insisted on logging out and back in, and the caching server detected the change then re-cached the NEW user’s page. This used to happen a lot on the internet to unencrypted streams that allowed log-ins. These days most caching servers are properly configured, but it’s still an easy mistake to make if you’re setting up a caching proxy.

That is, sometimes an ISP will cache (keep its own local copy) of a web page it retrieves from a server so the ISP can deliver it to multiple users who may request it without going back to the server for a fresh copy each time. Obviously this is the wrong thing to do if there is any possibility that the page may change in an important way in between requests that the ISP is receiving. Perhaps it was just delivering one party’s version of “facebook.com” (a logged in page) to another user who also asked for “facebook.com”. Whatever it was doing, it was wrong! And reminds us that nothing in a distributed system ever works better than the poorest code that gets invoked. Even retrieving a web page involves lots of parties.

Siva Vaidhyanathan, author of the forthcoming book The Googlization of Everything, has posted on his blog what seems to be the entire text of one chapter, about Google in China. So it was frozen well before Google’s decision to stop censoring and perhaps abandon ship. It is a nuanced, balanced argument, with some compelling detail. He notes that censorship is not as simple as the “great firewall” metaphor would suggest, and that absolutist no-business-with-oppressive-regimes postures are not actually productive. Siva replays the debate in which he, I, and Esther Dyson participated, with an honest assessment of the two sides of the argument.

During that debate on National Public Radio in November 2008, Harvard computer science professor Harry Lewis accused Google of violating its “Don’t be Evil” motto by creating Google.cn along the very lines that the Chinese government demanded. “Their choice was, to accept the Chinese ultimatum or to go home. They could have gone home but they didn’t. They stated and built the engine as the Chinese wanted it.” Lewis concluded, “Google didn’t choose the lesser of two evils when faced with the Chinese ultimatum. It chose the more profitable of the two evils.” Now, Lewis was making a debater’s point because, well, this was a debate. The question before the two panels was not whether Google on balance does more bad than good or good than bad. It was whether Google lived up to its motto. The Chinese deal gives Google critics – and my debating team – an easy shot. Perhaps it’s a cheap shot. But that is what debating is all about.

Esther Dyson responded to Lewis. Dyson is known as one of the central visionaries of the information age. She has been present at the creation of many of the most important initiatives of the Internet, including the gestation of several search engines. She is one of the brightest and most influential thinkers about digital technologies and their effects on the world. Dyson understandably believes in the transformative, perhaps revolutionary, power of information technology. “The great virtue of the Internet is that it erodes power, it sucks power out of the center, and takes it to the periphery, it erodes the power of institutions over people, while giving to individuals the power to run their own lives. Google is part of that. It’s one of these things that shines light on everything, it enables people to find stuff out, it enables them to question what their governments are doing, and it’s absolutely wonderful,” Dyson told the debate crowd in New York City. “Google by its very presence and its operation, even if it’s incomplete, creates increasing expectations for transparency, it starts people answering questions. It gets them to expect to be able to find out stuff.”

As I wrote in Chapter 1, I was sitting at the opposite table to Dyson. I was on Harry Lewis’ side of this constructed event. If the question at hand was whether Google violated its motto, I have to come down on Lewis’ side, as I was in fact on Lewis’ side. But in the real world, debates like this don’t matter much. To the people of China, Google’s fidelity to its motto doesn’t make a bit of difference. In the real world, Dyson has a much stronger point. Google might raise expectations. Google might spark some young person in China to ask one more question about why she can’t read this or watch that. Some Google is probably a little better for China than no Google.

You can listen to the debate here. The front page includes a nice picture of Siva and me, ecstatic (and a bit surprised) at the moment the audience declared our team the winner.

So it is time for me to fess up. Siva’s description and assessment are accurate. In fact, when I was invited to participate in the event, I said I could argue either side. They wanted me on the pro side, which was fine with me—as Siva says, in the rhetoric of a debate, it’s the easier argument about which to wax oratorical. But the argument requires a great deal of subtlety, and Siva’s chapter gives the nuanced view.

He doesn’t say how he would revise it now that Google seems to have gotten fed up with Chinese shenanigans …

While preparing a talk about privacy yesterday, I wanted to cite an example of a commercial service that lures people into surrendering their location information in exchange for social connectivity, restaurant recommendations, and the like. I was planning to make the point (and did, when I gave the talk at the HELIN conference today) that location information has cash value, and there are a variety of business models based on getting people to give it up for free and then cashing in on the data that gets collected.

Nothing wrong with this in principle, as long as people understand what they are giving and what they are getting. They are getting connectivity and exposure and recommendations, and they are giving data about the places they go, perhaps not just to the social network but to the business partners of the for-profit corporation that is running it.

In any case, forgetting the names of these networks, I did a little searching and then settled on foursquare as the example I would use. “Check-in to find your friends, unlock your city,” says the site, and the front page then gives a rolling report of what the site members are doing and saying, for example, “Jim N. in DeKalb, Illiois became the mayor of Caribou Coffee.” You can click on the name of the member (player, really) or the establishment to get more information about either. As the site explains,

People use foursquare to “check-in”, which is a way of telling us your whereabouts. When you check-in someplace, we’ll tell your friends where they can find you and recommend places to go & things to do nearby. People check-in at all kind of places – cafes, bars, restaurants, parks, homes, offices.

You’ll find that as your friends use foursquare to check-in, you’ll start learning more about the places they frequent. Not only is it a great way to meet up with nearby friends, but you’ll also start to learn about their favorite spots and the new places they discover.

Not just your friends, either. Just watch the latest check-ins scroll by on the foursquare home page, and you will get lots of interesting tidbits about lots of people. I was starting to groan about the usual privacy questions—who owns the location data, how long does foursquare hold it, how hard will it be for an unhappy spouse or employer to get hold of it, can the company sell it to business partners—when I moved on to work on the next slide.

And then I woke up this morning to discover that foursquare had cut a deal with Harvard University. As Harvard’s official organ, the Gazette, explains,

The service, which is accessible from smartphones and other mobile devices, enables students and visitors to explore the campus and surrounding neighborhoods while sharing information about their favorite places.

The Gazette goes on to proclaim that we are #1: “Harvard is the first university to use foursquare to help students explore their campus and surrounding places of interest.” (Maybe we should take pride in this, though UNC Charlotte claims to be the first university to use foursquare, for a somewhat different purpose. Years ago, when Harvard fell to #2 in the US News rankings, our humor magazine pointed out that this was a good thing, as it would teach us humility, and we should strive to be #1 in humility as we are in everything else.)

Having spent many an afternoon over the past year in information security meetings, where the University has been developing policies and standards for how information about our students may be accessed, stored, and moved, I immediately started wondering whether Harvard had somehow signed onto a deal to encourage students to surrender their privacy, and if so, who was the commercial beneficiary. The Gazette story doesn’t mention data privacy at all. It simply has a Harvard spokesman echoing foursquare’s utopianism.

We believe that Harvard’s participation will allow our community to engage with friends, professors, and colleagues in new ways. We also hope visitors and neighbors will benefit from the platform as it grows through use.

So visiting high school students and Chinese tourists are apparently also the intended “beneficiaries” of this “service.”

As Hal Roberts of the Berkman Center pointed out when I asked him about this story, foursquare’s privacy policy is pure boilerplate:

We receive and store certain types of information whenever you interact with our Service or services. Foursquare automatically receives and records information on our server logs from your browser including your IP address, cookie information, and the page you requested.

It goes on to explain how they aggregate this data and analyze it, and how they won’t disclose it in a way that would identify you personally. Only problem is, the privacy policy doesn’t mention the really private information foursquare collects—the location information. That simply isn’t covered by any of the boilerplate. So they can do what they want with it, without asking. Moreover (and thanks to doc searls for pointing this out), foursquare explicitly says that they may sell that information, and even if they don’t, the company will pass it on if it gets acquired. And that by signing up, you are acknowledging that you understand all that.

Business Transfers: In some cases, we may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that is transferred. Moreover, if Foursquare, or substantially all of its assets were acquired, or in the unlikely event that Foursquare goes out of business or enters bankruptcy, customer information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Foursquare may continue to use your Personal Information as set forth in this policy.

It’s a free country. If people think it’s fun for people to know where they are, and they understand what they are doing, by all means they should go for it. I am not a killjoy.

But I am puzzled that Harvard wants to encourage this behavior—that it has somehow analyzed the social benefits and the evident commercial interests and privacy risks involved here, and has come to the conclusion that on balance it would be a good thing if a lot of students signed up.

I hardly dare wonder if Harvard itself might have a pecuniary interest in the success of the partnership. I hope not, and that it has simply seen great benefits to the community—and few risks. I would love to know more.

Added January 14: Perry Hewitt, who is quoted in the article, wanted to be clear that there is no “partnership” (as I called it) between Harvard and foursquare. Harvard is simply a foursquare “presence”—as it would be anyway, whether Harvard formally cooperated or not. By allowing foursquare to create a Harvard badge, Harvard is simply making more convenient something people would be doing anyway. I am grateful to Perry for getting back to me and clarifying these points.

Depends on who you talk to.

In Blown to Bits, we talk about citizen vigilantism—people taking vengeance on people they see doing bad things, or just snapping pictures of crimes being committed, pictures that may help identify the culprits. The digital explosion has engendered a lot more of this, for both better and worse—we once did not all have cameras on us all the time.

Of course, a technology generation later, we all have not just still cameras, but audio recorders and video cameras too—in cell phones and even iPods. And people are whipping them out when they observe arrests being made, and are using the recordings to embarrass the the police, or to help in the defense of the party being arrested.

Except now, as the Boston Globe reports,  the police are increasingly fighting back, accusing those making the recordings of illegal surveillance, under wiretapping statutes. It’s a fascinating story. Some of the convictions are standing up in Massachusetts—the Supreme Judicial Court ruled in a split decision that the wiretapping statutes apply, unless the recording was made in a public manner. So people hiding the microphone in their sleeve or the camera in their coat may well be in trouble. Chief Justice Margaret Marshall was in the minority, opining

Citizens have a particularly important role to play when the official conduct at issue is that of the police. Their role cannot be performed if citizens must fear criminal reprisals when they seek to hold government officials responsible by recording, secretly recording on occasion, an interaction between a citizen and a police officer.

I don’t envy the police their job. Hell, I wouldn’t be happy if people were video-recording my  every movement while I was doing my job. But what the police are doing while making an arrest seems to me a public act by definition. In other situations (all those traffic-stop videos we see) the police themselves make sure everything is recorded these days. Can’t see why recording the police arresting someone in the public square wouldn’t fall within citizens’ rights.

A year and a half ago, I wrote an opinion piece entitled How Facebook Spells the End of Privacy. Now Facebook founder Mark Zuckerberg says he’s sorry he ever built those privacy options into Facebook in the first place. Explaining the company’s decision in September to make all kinds of information public that users used to have the option to keep private—their friends list and the list of pages they subscribe to in particular — Zuckerberg explained,,

A lot of companies would be trapped by the conventions and their legacies of what they’ve built, doing a privacy change – doing a privacy change for 350 million users is not the kind of thing that a lot of companies would do. But we viewed that as a really important thing, to always keep a beginner’s mind and what would we do if we were starting the company now and we decided that these would be the social norms now and we just went for it.

Zuckerberg says that people are more comfortable sharing and being open than they used to be, and Facebook is just catching up with where society has already gone. Of course this is nonsensical reasoning, unworthy of someone who took a course in computational theory from me (yes, he did). The claim that a lot more people today do X than not-X is no reason to make everyone do X. As Marshall Kirkpatrick observes in the story linked to above, money is a more likely explanation. Having made Facebook nearly ubiquitous, Zuckerberg now sees more money in encouraging (or requiring) people to give up more information about themselves.

There are reasons of personal safety for people to maintain some privacy. There are reasons people want to keep multiple identities (personal and professional, for example) isolated from each other. And there is the big argument, which I put forward in Chapter 2, that privacy is socially progressive—not in the political sense, just in the obvious way, it is easier to think differently, and act differently, if you do so with trusted friends than in the full view of the entire world. I wonder if Zuckerberg would say the same thing about people being more open about everything if he spent a few months in China or in Iran.

World of Warcraft (WoW) is a huge online fantasy war game, with more than ten million accounts. Here is a nice holiday-weekend “bits” story: a man with an arrest warrant out on him in Indiana for two years on drug charges has been arrested in Ottawa, Canada. The crucial information as to his whereabouts was provided by Blizzard Entertainment, the game company that runs WoW. As Matt Robertson, the investigator in the county sheriff’s department, tells the Kokomo (IN) Perspective,

“You hear stories about you can’t get someone through the Internet. Guess what? You can. I just did. Here you are, playing World of Warcraft, and you never know who you’re playing with.”

Robertson seems to have take a lot of small steps to put the story together. A childhood friend of the suspect said he had moved to Canada — good to know, of course, but making many of the standard law enforcement protocols useless. Somewhere along the line a tip came in that he was a WoW fan, so the investigator sent a subpoena for the suspect’s records — a transnational subpoena with no legal force at all.

“They don’t have to respond to us, and I was under the assumption that they wouldn’t,” said Roberson. “It had been three or four months since I had sent the subpoena. I just put it in the back of my mind and went on to do other things. Then I finally got a response from them. They sent me a package of information. They were very cooperative. It was nice that they were that willing to provide information.”

That information included the suspect’s IP address, in particular. From the IP address Robertson got the latitude and longitude (here is one site that will do that for you) and then used Google Earth to home in on the neighborhood. He couldn’t quite get to the street address that way, but close enough that Canadian authorities did the rest.

So just remember that. In a multiuser game you can think of yourself as living out of time, out of space, and out of your own skin, but you aren’t. Someone knows a great deal about you, and might even be willing to answer a polite request to reveal it.

Which may be what we actually want. Or is it?

In the New York Times, travelers and privacy experts present their views on whether the millimeter-wave scanners I discussed yesterday are an unacceptable invasion of privacy. Quoting a Utah Republican who sponsored a bill (which passed the House but not yet the Senate) banning the use of the devices except as secondary screening technology, the story says

“I’m on an airplane every three or four days; I want that plane to be as safe and secure as possible,” Mr. Chaffetz said. However, he added, “I don’t think anybody needs to see my 8-year-old naked in order to secure that airplane.”

Which is to say what, that no terrorist would put a bomb on an eight-year-old? I wonder if there is a name for this rhetorical device, where one transforms a general proposition into a personal insult.

EPIC, which had previously filed suit for more information about these devices, seems to me to have it right.

Marc Rotenberg, head of the Electronic Privacy Information Center, said his group had not objected to the use of the devices, as long as they were designed not to store and record images.

Keep the screens in a separate room (as is done). Disable the recording capability (as is done). Make sure the operator doesn’t have a cell phone camera if you wish (though it is hard to imagine much titillation coming from these images, compared to what is readily available). But yes, check the passengers the way you check their luggage, and the wheel bearings for that matter. And yes, that is a role for government, or government-controlled entities. I don’t think we want a free market here, allowing airlines to trade off security for ticket price and allowing consumers to decide for themselves how much risk they are willing to accept.

Bruce Schneier is a very astute security expert, but I am not sure I follow his logic here:

Bruce Schneier, a security expert who has been critical of the technology, said the latest incident had not changed his mind.

“If there are a hundred tactics and I protect against two of them, I’m not making you safer,” he said. “If we use full-body scanning, they’re going to do something else.”

The millions of dollars being spent on new equipment, he said, would be better invested in investigation and intelligence work to detect bombers before they get to any airport.

The last part is surely true. Figuring out the line determining when someone goes on a no-fly list is tricky business. You don’t want any father with a grudge against his son to be able to ground the son by making a call to the Embassy. But it sounds like there were enough other dots to connect in this case to have set off appropriate alerts. I take Schneier’s point to be that the security perimeter at the airport is not the only place, nor even the best place, to keep terrorists off the plane, and the threat model that puts all the energy at stopping them there will be ineffective in practice. That sounds right, but isn’t really an argument against the use of the millimeter-wave technology.

The recent attempt by a Nigerian man to blow up a plane flying into Detroit has brought the subject of millimeter wave scans back into public discussion. These scans use very short-wave radio signals to peek through people’s clothing and see what they may have underneath. Some privacy advocates resist the use of these devices, because they show genitalia, as well as revealing breast implants and so on.

Maybe I am missing something, but I can’t get excited about the fact that a security screener might get a glimpse of an X-ray like image of my private parts in the course of verifying that I wasn’t hiding some explosives there (as the alleged terrorist apparently was). It may not be useful or effective to screen everyone–maybe you’d do some obvious profiling (bought the ticket with cash, etc.) to reduce the workload on the screeners and keep them sharper. But if the image isn’t stored, I don’t see any privacy problem in principle here. In enlightened societies at least, we have mostly gotten past prudery in medical care–not many hospital patients would today insist on having their bedpans emptied only by same-sex attendants. If you want to use the technology of air travel, you need to accept the technology of security (provided, once again, that it really is security-enhancing and not just in place to create a phony sense of security).

By the way, the TSA hasn’t yet fixed the huge security hole, pointed out by Chris Soghoian several years ago, that they check the boarding pass against your ID at the security perimeter and the boarding pass against the electronic ticket record at the gate, but never verify that the ticket matches your ID, unless you check a bag. If you are not checking luggage, the two boarding passes could be different.

Privacy bonus: Canada’s Daily Post has an article about privacy loss, which quotes Blown to Bits and ends with a Christmas-spirit thought that sprung into my head when I was interviewed last week:

Harry Lewis, a professor of computer science at Harvard and co-author of Blown to Bits, said the book was written to get people thinking about how much of their personal information they surrender every day. He worries that the less privacy we enjoy, the more it will discourage social advances.

“The loss of privacy is a socially conforming force,” he said in an interview. “So many social experiments over the course of human history — religious innovations, political dissent — started among small groups of mutually trusted friends who gradually gained acceptance for their beliefs and their behaviours.”

If Jesus’s early followers had a Facebook group, he joked, “they would have been stamped out very quickly.”