Simplelogin:

Social Login buttons like the ubiquitous Login with Facebook/Google/Twitter/… button is convenient for users as they don’t have to go through a lengthy registration process and create yet another username/password. And without a proper password manager (which probably 99% users don’t use), they tend to reuse the same password which is bad in terms of security!

However behind the scene, some SDKs (I’m looking at you Facebook!) inject an iframe in your website to display the Continue as {MyName} or Login with Facebook button. Loading this iframe allows Facebook to know that this specific user is currently on your website. Facebook therefore knows about user browsing behaviour without user’s explicit consent. If more and more websites adopt Facebook SDK then Facebook would potentially have user’s full browsing history! And as with “With great power comes great responsibility”, it’s part of our job as developers to protect users privacy even when they don’t ask for.