So, unless you are diligent enough to review/delete your private stuff every time Facebook makes such a change, it is likely that in the future, stuff you marked "private" today will, in fact, be publicly indexed and searchable by yandex tomorrow.
Which is why, as has always been the case, you should assume everything you do on Facebook is public. Either because Facebook will decide to make it that way one day; or because of a security breach of some sort (hasn't happened yet, as far as I know), or because NSA/MI5/Mossad has access to it and will use it against you at the most inopportune moment (for you; it's a great moment for them).
So, yes, I was able to use facebook to mark specific people (by buying an ad that targets them), and then follow them around the internet by participating in real time bidding on their views.
So even though facebook does not directly sell that information, you don't have to be very smart to indirectly "buy" it from them (and AdNexus and friends).
This is pretty well known, and has been happening every 1-2 years. Are you new on the internet?
Users shouldn't be surprised that others can see them; they may still be surprised at the new level of discoverability by strangers and via other sites.
Developers may still be a bit miffed at the mixed meaning of 'public' here – world-readable to the extent it benefits Facebook (and negotiated partners), but not allowing downstream automated indexing/analysis/excerpting by the general public.
In common-law jurisdictions (like the US), I wouldn't be so sure of that. It has a lot of precedent behind it, as a longstanding convention for indicating site-owner/rightsholder wishes. Ignoring it – deploying software designed or configured to be oblivious to it – could create legal risk.
A literal reading of copyright law and laws about 'authorized' use of computer systems would assess all bulk copying/reuse of web content without explicit advance permission as illegal. It's the force of traditional/reasonable industry practices (like robots.txt), and offsetting considerations like fair-use, that make it legally defensible.
At least now they're dropping any pretense that they give a rat's ass about privacy.
(It went much deeper than that - marital status, month of year, a few other things I can't remember). So, while they weren't directly offering and selling this information as is, you could buy it from them by buying ad space on the demographics you cared about. (Yes, this also required you had other access to ad networks, real time exchanges, etc -- but if you really want info on people, it was chump change)
I'm not sure how you would define "sell data", but other advertisers are using that data for targeting at scale already.
Also, like ryanmerket said: Facebook doesn't sell data, you are just misinformed.
Good to know that now Yandex and Facebook have signed an agreement.
Update: scratch that, I missed that they were Allow statements for ia_archiver. The Internet Archive has by far the least access.
It's actually the opposite. They allow IA access to their terms and policy, but block everything else:
I have deleted my FB account once and waited the amount of time they say is needed for data to be deleted. In fact, I stayed out of FB for >6 months. When I decided to create an account again using the same email address, at the first login, FB was ready to remind me of all the friends I "probably knew" (sure enough, they were all people I had added as friends before deleting the account). So that information is unlikely to be deleted.
To get a somewhat vanilla experience I had to create an account using a different email address. Then it behaved as not knowing me (too much).
Facebook has also reset all of my account's policy settings to the most public options twice since I've been on facebook. My posts kept their privacy settings but everything else, my friends list, likes, etc become public instead of only visible to myself. I suspect it was a bug related to data migration since both times it happened during site upgrades.
Still, I do not trust facebook with anything I do, ever. I assume it's just as public as the information on my blog. I aggressively censor posts and tags because of that.
Now, my account hasn't gone poof yet (it takes 2 weeks, they say), but I'm optimistic.