On the heels of a well intention but flawed study that showed that the annual risk of ID theft was $24 billion, we now have a new terrifying statistic:  26.7 million Americans will become victims of identify theft.

“In a recent study … of the top 2,000 known spyware threats, they found that 15 percent of spyware is actually stealing all the information typed on an infected computer, by logging the information the user types and then transmitting it to the spyware’s creator. This method is called “key logging,” and was the cause for five percent of the identity theft cases last year.”

OMG.  This is really hyper-inflated data.  There are no definite statistics on the prevalence of keyloggers, but I can assure the ostensibly quaking public that it is far, far less than 15% of all users.   It is a very small number.

I’m talking keyloggers here, people.  Stuff that actually steals your bank data, ebay accounts, passwords, etc.   Not stuff that grabs search terms and displays contextual advertising.  That may not be not nice, but it’s not stealing your credit cards.

Yes, we’ve discovered a LOT of keyloggers, over 25 in just the past few months.  But all of them were on unpatched Windows XP systems, and the actual volume of users infected, while not insignificant, was in the range of perhaps thousands on a cumulative basis. 

Now, there are risks out there, and I suppose I should have a sense of gleeful avarice to see others do free marketing for the industry; but on the other hand, the industry can’t go overboard.  Our duty as technologists is to not scare the public off the Internet—rather, provide the education and the tools to help people be safe—and lobby for the infrastructural changes that will effect a safer online experience.

Alex Eckelberry