Apple's apps bypass firewalls like LittleSnitch and LuLu on macOS Big Sur

This is one of those tough cases where software cuts both ways.

Some people are smart, informed developers that install a trusted tool to monitor their traffic and have legitimate reasons to want to inspect Apple traffic. They're dismayed.

Most people are the opposite and this move protects the most sensitive data from being easily scooped up or muddled in easily installed apps, or at least easily installed apps that don't use zero days.

Is the world better or worse due to this change? I'd say a touch better, but I don't like the fact that this change was needed in the first place. I trust Apple, but I don't like trusting trust.

If I install Little Snitch, it's because I trust Little Snitch to be responsible for my computer's network traffic, over and above anyone else.

I recognize that this won't necessarily apply to all users or all apps, but there needs to be a way for the user to designate trust. Apple services and traffic should not get special treatment.

They provide the OS. If you don't trust them, then you shouldn't trust anything running on top of it either...

You could (and perhaps would) make the same argument about Intel (for providing the processor) or Broadcom (for providing the wifi chip) or Comcast (for providing internet service). And it's true, all of these parties have the ability to use their positions for nefarious purposes.

However, I would like to limit that potential as much as possible, partly by creating a stigma against practices that remove control from the user.

I find it interesting how the needs of legitimate security mesh so well with the industry desires to kill off general-purpose computing for the majority of users

As a general rule, you want to prevent software from bypassing a user's informed consent. Apple typically does this in one of two ways:

1. Have functionality only accessible through system frameworks, so that the OS can be responsible for prompting for informed consent and granting it to a process. This means that the system itself has to have functionality to prompt for that informed consent in a way that users can understand.

2. Require processes which an application cannot script that are technically complicated enough that users might realize they are pulling off the warranty-voiding stickers. A prime example would be rebooting into recovery mode to turn off system integrity protections via a terminal command.

Both of these wind up getting gated in priority, but such is the priority of their system - limiting the ability of arbitrary software to act as an unrestricted agent of the user so that user security and privacy (as well as device operation like battery life and radio reception) can be protected.