The real attack on privacy comes from the use of FB and Twitter accounts for logging on non-FB web sites to leave comments.
By doing so, the whole social diagram is exposed and subsequent data mining can produce erroneous conclusions with grave consequences.
You login to finance-related site. Unknowing to you, one of your FB contacts has a dark side. His browsing history and online habits are tied up with your account and available to finance site server for analysis and reselling.
When you end up on "risk" list, there is no one you can sue for defamation of character.
Even worse, recent Zone Alarm security bulletin revealed that apps your lamebrain friend installed on his PC running FB can access your data on your PC, even when you are cautious what you install and did not install garbage he did. FB provide source code to developers and snoops pretending to be developers.
Explaining this to a layperson is almost next to impossible. I am still trying to find non-computer related example.