The problem is that most people don’t really understand security. They understand the need to lock their door - but the need to keep their data safe is either a mystery or unimportant to them. So they sign up for Facebook in droves, and use mobile phones without securing* them (i.e. use with the default settings, and with all the manufacturer installed crapware in place).
You can shout about how stupid this state of affairs is until you’re blue in the face, but it won’t make one iota of difference. And, ultimately, (and unless you’re as misanthropic as me) you’ll probably want to stay in touch with them - so you’ll shrug your shoulders and join Facebook too (albeit that you’ll probably take a few sensible precautions, otherwise known as lying about some of your personal data).
I take the hard line - I won’t use this crap, if you want my personal data then you can damn well pay me for it (assuming that I want to sell) - and if you want to contact me then use email.
*insofar as you can ever secure any device - and especially a device with a baseband chip in it. But thats an entirely different kettleful of scary.