In fact, "I was just following orders" often is a valid excuse. It didn't work at Nuremberg because it was an extreme example. The orders there were to do things that could not even conceivably be legal, so those who carried them out were considered to have knowingly acted illegally.

When the orders are to do something that is plausibly legal, and you have good reason to believe that it is in fact so, "I was just following orders" will probably work in most jurisdictions.

Iff they have confirmation from their product lead that what they're doing is perfectly legal and it isn't obviously illegal, I agree that there's no liability.

If it's either obviously illegal or it's clearly at least dodgy and they didn't get explicit confirmation from the project lead, "following orders" is not a valid excuse.

To take the VW case as an example: if your project lead tells you to implement a way to recognise test conditions and adjust the performance to reduce emissions, that is dodgy af and you should at least get confirmation that this isn't illegal (i.e. that it's not intended to cheat on certifications but maybe just for certain internal testing scenarios). In the end the entire chain of command that led to this being implemented is guilty, but if the person implementing that behavior knew what they were doing was illegal or at least suspect and they didn't get confirmation, they're still guilty.

None of what Facebook has done here sounds plausibly legal to me. I'm not a lawyer, but this stuff is plain-as-day immoral and illegal from my eyes.

So a developer should not trust a huge legal team, who's purpose it is to verify all is legal?

How do you expect the developer to figure out its illegal when a team of lawyers couldnt?