For more than a decade, Jeff Johnson has been one of the most persistent and technically rigorous critics of Apple’s software decisions. A veteran Mac and iOS developer who runs Lapcat Software, Johnson has built a reputation for documenting, in painstaking detail, the ways Apple’s browser and operating system choices affect users — often in ways Apple never publicly acknowledges. His latest findings may be his most consequential yet.
In a March 11, 2026 blog post, Johnson laid out a case that Apple has been systematically removing user-facing privacy and security controls from Safari, its default web browser across macOS and iOS. Not with a single dramatic announcement, but incrementally. Feature by feature. Version by version. The kind of slow erosion that most users never notice — but that fundamentally changes what they can control about their own browsing experience.
The specifics are damning in their accumulation. Johnson documented how Safari has, over successive releases, removed or hidden settings that once allowed users to manage cookies with granularity, control website data storage, and configure how the browser handles certain types of content. These weren’t obscure developer tools. They were preferences that informed users relied on to manage their privacy on their own terms, without needing to trust Apple’s automated systems to make the right call.
Johnson’s core argument is straightforward: Apple markets itself as the privacy company, but its browser increasingly removes the ability for users to make their own privacy decisions. Instead, Apple substitutes its own judgment — through features like Intelligent Tracking Prevention (ITP) — for user choice. The company decides what tracking is acceptable and what isn’t. Users who disagree, or who want more control, find fewer and fewer levers to pull.
This isn’t a new complaint from Johnson. He’s been chronicling Safari’s diminishing preference panes for years. But the 2026 post represents something of a culmination, a comprehensive accounting of what’s been lost. And the timing matters. Apple is facing renewed scrutiny from regulators in the European Union and the United States over its control of the browser market on iOS, where all browsers — Chrome, Firefox, and others — are required to use Apple’s WebKit rendering engine. That mandate means Safari’s privacy decisions don’t just affect Safari users. They affect everyone with an iPhone.
The EU’s Digital Markets Act has forced Apple to allow alternative browser engines on iOS in the European Union, a change that began rolling out in 2024. But outside Europe, the WebKit requirement persists. And even in Europe, the practical effect has been limited so far, with most users still defaulting to Safari or WebKit-based alternatives. So when Apple removes a privacy control from Safari, the impact radiates outward across the entire mobile web for hundreds of millions of people.
Johnson’s post is technically precise. He doesn’t traffic in conspiracy theories or attribute malice where incompetence or design philosophy might explain the changes. He simply documents what was there and what isn’t anymore, letting readers draw their own conclusions. That restraint is part of what makes his work credible to other developers and security researchers, who have frequently amplified his findings.
Apple, for its part, has never directly responded to Johnson’s criticisms in any public forum. The company’s position, articulated through marketing materials, WWDC presentations, and occasional interviews with senior executives, is that its privacy protections are best-in-class and that automation — not manual user configuration — is the right approach for most people. There’s a logic to that. Most users don’t change default settings. Most wouldn’t know what a third-party cookie policy should look like. Apple argues it’s protecting those users by making smart defaults that don’t require expertise.
But that argument has a blind spot. Power users, enterprise administrators, journalists, activists, and security researchers often need granular control. They need to be able to inspect and manage exactly what data their browser stores, which domains can set cookies, and how long that data persists. When Safari removes those controls, these users lose capability that isn’t replaced by any automated system, no matter how sophisticated.
The broader context here is the ongoing tension between simplicity and control that defines much of Apple’s product philosophy. The company has always favored clean, opinionated design over configurability. That’s why Macs don’t have user-accessible RAM slots anymore. It’s why iOS didn’t have a file manager for years. And it’s why Safari’s preferences have been getting simpler — or, depending on your perspective, more impoverished — with each major release.
This philosophy works beautifully for many product categories. Nobody needs seventeen options for how their AirPods connect. But privacy is different. Privacy isn’t a preference about aesthetics or convenience. It’s a fundamental right, one that Apple itself invokes in its advertising. When a company claims to be the guardian of user privacy, the removal of user privacy controls creates a contradiction that’s hard to explain away.
Johnson also pointed to a pattern that goes beyond Safari. Across macOS, Apple has been tightening the boundaries of what users and third-party developers can do. System Integrity Protection, notarization requirements, the removal of kernel extensions — all of these changes have been framed as security improvements, and many genuinely are. But they also concentrate control in Apple’s hands, creating a dynamic where users must trust Apple’s judgment because they have no alternative.
That trust has generally been well-placed. Apple’s track record on privacy is, by the standards of Big Tech, strong. The company doesn’t run an advertising network that depends on user surveillance. It has implemented App Tracking Transparency, which materially reduced cross-app tracking. Its on-device processing approach for Siri and other features is a genuine differentiator from Google’s cloud-dependent model.
And yet. Trust is not a substitute for verifiability. The open-source community and independent developers like Johnson serve as a check on corporate claims, and when they document the removal of controls that users once had, it matters. It matters because today’s benevolent design decision can become tomorrow’s anti-competitive lock-in. It matters because the regulatory environment is shifting, and companies that reduce user agency now may find themselves on the wrong side of new rules later.
Recent reporting has added fuel to these concerns. Apple’s ongoing antitrust trial in the United States, brought by the Department of Justice, has put the company’s control over the iPhone experience under a microscope. While the case focuses primarily on messaging lock-in and app distribution, the browser question lurks in the background. If Apple controls the only browser engine allowed on the world’s most profitable smartphone platform, and that browser engine’s privacy controls are being reduced, the implications extend well beyond any single developer’s blog post.
On X, developer reactions to Johnson’s post were swift and largely sympathetic. Several prominent iOS developers noted that they had independently observed the same trend — settings disappearing between major macOS versions with no mention in release notes and no explanation from Apple. One thread highlighted how the removal of the “Do Not Track” preference in Safari, which happened in a previous release, was defended by Apple as a privacy improvement (since the DNT signal was widely ignored by advertisers and could paradoxically be used for fingerprinting), but that the same logic didn’t apply to other removed controls that had genuine utility.
The “Do Not Track” example is instructive. Apple was right that DNT was largely useless as a privacy tool and potentially counterproductive. That’s a defensible technical judgment. But not every removed setting falls into that category, and Johnson’s documentation makes clear that some of the eliminated controls served real purposes that ITP and other automated systems don’t fully replicate.
So where does this leave users who want both Apple’s hardware and genuine control over their browser privacy? In an uncomfortable position. On macOS, they can switch to Firefox or another browser that offers more granular settings. On iOS outside the EU, they can’t — not really, since every browser on iOS uses WebKit under the hood, inheriting Safari’s limitations. The choice architecture, to borrow a term from behavioral economics, funnels users toward Apple’s defaults whether they want to be there or not.
Johnson isn’t calling for Apple to abandon ITP or to stop making smart defaults. His argument is more measured than that. He’s saying that defaults and user controls aren’t mutually exclusive. A browser can ship with aggressive privacy protections enabled by default while still allowing informed users to adjust those protections. Firefox does this. Brave does this. Even Chrome, for all its conflicts of interest given Google’s advertising business, offers more granular cookie and site data controls than Safari currently does.
The irony is thick. The company that built a Super Bowl ad around privacy, that plastered “What happens on your iPhone stays on your iPhone” on billboards across Las Vegas, is the same company quietly removing the tools that would let users verify and enforce that promise on their own terms.
Apple may well have good reasons for each individual change Johnson has documented. Engineering resources are finite. Maintaining rarely-used preferences has real costs. Simplified interfaces reduce support burden. All true. But the cumulative effect is a browser that increasingly asks users to trust and not verify — a posture that sits uneasily with the ethos of privacy itself.
Johnson’s blog post ends without a call to action or a dramatic peroration. It just lays out the facts. That’s what makes it effective, and that’s what makes it difficult for Apple to dismiss. The receipts are there. The settings are gone. And the company that says it puts users first has, in this particular domain, been putting its own design preferences ahead of user agency for years.
Whether Apple responds — with restored controls, with a public explanation, or with continued silence — will say a great deal about how seriously the company takes its own privacy rhetoric when it conflicts with its instinct for control.
WebProNews is an iEntry Publication