They are arguing in bad faith. They clearly know how to disable the relevant subset of these features. They don't do this upfront because they would have nothing to write about otherwise.
As a user, you can configure these settings in the UI. You can use the defaults command. They can be configured using a configuration profile/MDM. You could block the domains based on their associated feature, which are publicly documented by Apple. [1]
It's like complaining about Windows telemetry without bothering to configure the registry (or even open the settings menu).
Smartphone OS manufactures like Apple and Google do not allow strong secure features to black domain or IP addresses. There are attempts at cheep hacks to use VN or accessibility work a rounds but they can be overwritten by the OS and they prevent use a firewall and VPN at the same time.
I have used encrypted DNS profiles on iOS to block them at the resolver level. However, the correct thing to do is to disable the feature in a configuration profile. You can also block them on macOS using Little Snitch or similar.
No, you sometimes can't use two apps on iOS that attempt to configure DNS and a "VPN" for local filtering purposes at the same time (the latter is often a glorified hosts list).
You absolutely can use encrypted DNS and/or a VPN (or Private Relay). None of these have bearing on using an application firewall or pf on macOS.
As a user, you can configure these settings in the UI. You can use the defaults command. They can be configured using a configuration profile/MDM. You could block the domains based on their associated feature, which are publicly documented by Apple. [1]
It's like complaining about Windows telemetry without bothering to configure the registry (or even open the settings menu).
[1] https://support.apple.com/en-us/101555