by eloy 1422 days ago
Is it? I just checked https://hstspreload.org/, and it seems that twitter.com, facebook.com, outlook.com, cloudflare.com and gmail.com are all preloaded.

Or do you mean that downgrade attacks are still easy to deploy? Under what circumstances?

With a reverse proxy. You can reverse proxy any HSTS website, and feed it to any client over plain HTTP.

A client with the HSTS preload list will not connect to facebook.com over plain HTTP. That's the whole point.