[cassianoleal]

Thanks for your response! Also thanks very much for your efforts! I've been using Firefox exclusively for quite some time, and it's by far the best browser for me. The focus on privacy and user protections (like this one) has also already helped me convince a few people to switch over.

I think the main attack vector I'd be worried about is if the SDK itself implemented a way around this protection, rendering it relatively useless. If that's not a feasible exploit, then I wouldn't be overly worried about as it would take effort on each website maintainer to implement and maintain the exploit.

The "real popup" detection sounds like a great addition if it works well!

[wisniewskit]

Right. We'll just have to see if and how Facebook reacts, but I would hope they prefer this kind of opt-in to their login buttons simply being broken in strict/private mode on many sites. In fact I think they're already getting sites to use an alternative login method which doesn't have to be blocked in the same way.