[fixermark]

They may not be able to prevent it without refusing to exfiltrate that data. But then they maintained clear resopnsibility (at the cost of usability) for the user's data. Excellent example though, because it highlights a real joint-ownership problem in data on a social network (the aggrieved fixermark in this case certainly couldn't have stopped his friend from hand-entering the details of the super-secret party into FakeCalendr without consent either; to a certain extent, sharing information always implies trust of the recipient to store that information responsibly).

Unfortunately, privacy / usability is the tradeoff. Facebook had clear incentives to simplify usability at the cost of privacy. But as a result, these breaches continued to happen.

(I use the past tense here because I don't know what their app ecosystem looks like now. When I was using it, it was extremely easy to do a full friends-of-friends data exfiltration, with the only guard against it being "Don't do that and then dump it publicly for all to see").