The only way to stop this from happening in the long term is to educate users that companies are spying on them, and tell them about the tools to prevent it.
Depending on site owners and spyware companies, like Facebook, to solve the problem is super naive, and will never solve it. They directly benefit from these "leaks," and so they have no motivation to prevent them.
What tools are capable of stopping FB tracking 100%? Right now it's a "cold" arms race between Facebook and people trying to avoid tracking but if more people started trying I think Facebook would try harder to track everyone and things would heat up. The only way to avoid a perpetual arms race (that Facebook will probably win) is to legislate boundaries that Facebook is legally not allowed to cross. We saw this happen on iOS (though at an OS/App Store policy level instead of legally) and it seemed to actually work.
Sure, but can we teach grown men not to wring their hands about safety mechanisms for $SCARY_NEW_TECH at the same time they're becoming inevitable and culturally familiar?
No need to be snide. Computer security is a lot harder to learn for most people because it's abstract and requires a degree of mental modeling that most consumers aren't equipped to perform. If it were as easy as you suggest businesses/ organizations would be invulnerable to phishing attacks, which they're obviously not. And entities like that have dedicated IT and HR staff to set up/train people, which consumers typically don't.
I reserve the right to remain snide toward anyone who holds such insulting and condescending views toward "most people". Asserting civility, in such contexts as this one, is often used as nothing more than an excuse to avoid confronting your own antisocial behavior, however politely you manage to frame it. Social contracts need not be adhered to by either side once broken. If you wish to reinstate it, be my guest, but that's not my obligation.
It's not that they can't understand it, it's that there's plenty of other stuff to pay attention to out there, for better or worse. The threat of cold and hunger comes before more abstracted threat vectors, and you are extremely lucky to have the mental space to consider and discuss such things as privacy on this here website. If you want to ride high on your sense of innate superiority, accept for yourself the mission you seem to imply for the technologically-literate and make privacy so simple even a small child could be protected.
Legislation is used to protect vulnerable groups and health data. Strong reasonable legislation is hard to write, and expensive to enforce, but effective enforcement will cause changes to internet sites. Think GDPR.
It is hard to manage cross-jurisdictional issues on the internet. In this case, Sweden could probably design good restrictions since it is a site local to Sweden?
Trying to get everyone to become security professionals is highly unrealistic.
Depending on site owners and spyware companies, like Facebook, to solve the problem is super naive, and will never solve it. They directly benefit from these "leaks," and so they have no motivation to prevent them.