[seigenblues]

He's based his argument on the recruiter's statement, which is a poor choice. On the other hand, other material from the company supports, in fact, a much larger number.

I don't think there's any goalpost moving here at all: Hundreds of millions of keyloggers -- rootkits, really, as the article states -- are installed and unremovable. Whether they are being abused or not at the moment is irrelevant; it should be outrageous and unacceptable that such a datastream is going through a third-party without any kind of transparency, acceptance, or even tacit acknowledgement.

Likewise, your rhetorical refutation here (very thorough, in the abstract) would be a lot more damning if there wasn't, you know, video evidence of this rootkit collecting exactly this data and sending it back.