The permissions are set in the WordPress Social Login plugin. You can change it, but the change will go lost with the next plugin update.
For version 2.2.2 the following works:
in /wp-content/plugins/wordpress-social-login/includes/services/wsl.authentication.php
around line 180, find:
// set default scope and display mode for facebook
if( strtolower( $provider ) == "facebook" ){
$config["providers"][$provider]["scope"] = "email, user_about_me, user_birthday, user_hometown, user_website";
$config["providers"][$provider]["display"] = "popup";
$config["providers"][$provider]["trustForwarded"] = true;
and erase ", user_about_me, user_birthday, user_hometown, user_website".
I didn't test this, but if you enabled import of contacts, you may want to look a bit further;
around line 200, find:
// if contacts import enabled for facebook, we request an extra permission 'read_friendlists'
# https://developers.google.com/+/domains/authentication/scopes
if( get_option( 'wsl_settings_contacts_import_facebook' ) == 1 && strtolower( $provider ) == "facebook" ){
$config["providers"][$provider]["scope"] = "email, user_about_me, user_birthday, user_hometown, user_website, read_friendlists";
}
and erase "user_about_me, user_birthday, user_hometown, user_website, "