We're still investigating the cause of an error after de-authorizing an app, but I wanted to respond to your other 2 questions.
2) When a user de-authorizes, we use the following code to set the updated_at date to the current UTC time. Looking at the user component, I see how we can format it to the current timezone of the server to display that better. I've added an item to our todo list.
3) While it may sound simple and obvious, unfortunately, most social networks do not allow you to get the user's profile URL. There's a lot of reasons for this, but one is because admins started spying on their users (similar to what you're saying with 'check users when needed'). Facebook disabled this ability to get profile URLs back in 2018. Others never had the ability. There probably are some networks that we could fetch the URL from, but it's very inconsistent, so we don't do it.
This is Facebook's announcement post of the change:
Disabling the ability to resolve the app-scoped user ID (ASID) returned by Facebook Login to a Facebook profile page, even for logged-in users.
Prior to this, we did link the profile icon in the user map to the user's profile...
I hope that helps with some background.