I only ever log in to Facebook in private browsing mode.

I only ever log into Facebook via a VPN to a remote VPS using a private window on a browser I don't use for anything else. And also...

Chain OUTPUT (policy ACCEPT 6309 packets, 599K bytes)

pkts bytes target prot opt in out source destination

  330 19800 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set block-facebook-ips dst reject-with icmp-port-unreachable

I have an ipset that matches FB networks.

Yikes. Sounds easier just to not use Facebook.

There in lies the problem, all those Facebook widgets on various 3rd party websites are used to track you. If you block FB's network ranges then it gets much harder for them to do that.

In effect you are "using" Facebook whether you want to or not; this is the issue some people have with shadow FB profiles.

Careful, too strict and you'll start to be identifiable from your conspicuous lack of identifiable information ;)

I always use incognito mode but apparently I must have inadvertently logged in to a regular frame at some point. Horrified!