# Jeff Johnson

> Jeff Johnson is a longtime independent Mac and iOS developer who runs Lapcat Software and the Underpass App Company. He is best known for StopTheMadness, a Safari extension that wrestles control of the browser back from hostile websites, and for being one of the sharpest public critics of Apple's privacy decisions, including the 2020 'OCSP appocalypse' that revealed macOS was phoning home unencrypted every time you launched an app. A philosophy graduate turned code archaeologist, he writes a widely read blog dissecting Apple's broken promises and has racked up a long list of CVE security credits across macOS, Safari, iOS, and WebKit.

- **Role:** Founder and developer at Lapcat Software / Underpass App Company
- **Organizations:** Lapcat Software, Underpass App Company, Rogue Amoeba Software (former)
- **Nationality:** American
- **Education:** B.S. in Philosophy, University of Wisconsin-Madison, M.A. in Philosophy, University of Wisconsin-Madison
- **Known for:** Created StopTheMadness, one of the most popular privacy and usability Safari extensions for Mac and iOS, Credited with multiple CVE security disclosures across macOS, Safari, iOS, and WebKit, Publicly exposed the unencrypted macOS OCSP certificate-check traffic in 2020

## Career timeline

- **2006-2007** — Developed Knox (later acquired by AgileBits/1Password) and Pyro at Marko Karppinen & Co.
- **2006-2010** — Co-lead engineer on the open-source Vienna RSS reader
- **2007-2008** — Built internal developer tools (Radar, Sonar, Merlin, Espresso, BuildIT) at Francis Technical Services
- **2008-2016** — Software engineer at Rogue Amoeba Software, working on Airfoil, Intermission, Pulsar, and Radioshift
- **2009-2010** — Engineer and administrator of the open-source ClickToFlash plugin
- **2016-present** — Founded the Underpass App Company / Lapcat Software as a full-time independent developer
- **2018** — Released StopTheMadness, his flagship Safari extension
- **2019-2020** — Reported a macOS privacy-protection bypass to Apple's Security Bounty program; publicly disclosed it after six months of silence
- **2020** — Among the first to reveal the macOS OCSP service was running unencrypted over the internet (the 'OCSP appocalypse')
- **2021** — Brought StopTheMadness to iOS and iPadOS 15
- **2023** — Joined Mastodon after leaving Twitter/X

## Achievements

- Created StopTheMadness, one of the most popular privacy and usability Safari extensions for Mac and iOS
- Credited with multiple CVE security disclosures across macOS, Safari, iOS, and WebKit
- Publicly exposed the unencrypted macOS OCSP certificate-check traffic in 2020
- Eight years of shipping software at Rogue Amoeba
- Co-led the open-source Vienna RSS project and maintained ClickToFlash
- Built Knox, a Mac encryption tool later acquired by AgileBits (1Password)
- Bonjeff, his open-source Bonjour network browser, has 269 GitHub stars

## Latest updates

- **2026-03** — Documented that Apple has been systematically removing user-facing privacy and security controls from Safari across macOS and iOS.
- **2024-12** — Published 'The internet is full of experts,' defending the right of non-cryptographers to question Apple's default-on Enhanced Visual Search.

## Links

- Website: https://lapcatsoftware.com
- Twitter/X: https://x.com/lapcatsoftware
- GitHub: https://github.com/lapcat

---

Profile page: https://yespress.io/jeff-johnson
Published by YesPress — https://yespress.io
Last updated: 2026-06-03
