After the above commit, checking the “Hide my public profile and presences features” option on Preferences → Interface does block the individual user RSS & JSON routes.
You can also uncheck the enable user directory site setting
enable user directory
Does that help?