Run OpenSnitch for a while and you'll quickly realize how much of your system does phone home. Off the top of my head:

- GNOME Shell (extension updates without a way to disable this, weather),

- GNOME Calculator (currency exchange rates),

- NetworkManager (periodic hotspot portal checks in most configurations),

- GDB (debuginfod enabled by default),

- Firefox (extension updates, push notifications, feature flags, telemetry, ..., some parts cannot be disabled),

- VSCodium (Open VSX callbacks even when installing extensions from disk with updates disabled, JSON schema auto-downloads, extensions making their own unsolicited requests, ...),

- Electron (dictionary updates from Google servers, no way of disabling; includes any application running on top of upstream Electron, such as Signal, Discord, etc.),

- GoldenDict (audio samples fetched from the Internet on word look-up, no way to disable)

Of course, this is nothing compared to Windows [0] and macOS [1], but the malpractice of making Internet connections without asking, by default, has unfortunately been finding its way everywhere since modems stopped making audible sounds.

Having read about PRISM and seen the leaked dashboards of Paragon Graphite (said to be used by ICE), and with LLMs bridging the gap between mass and targeted surveillance, I don't want any of this.

[0] https://github.com/microsoft/calculator/blob/ffd0519676019a0...

[1] https://sneak.berlin/20201112/your-computer-isnt-yours/

Does it contain Firefox? How about Chrome?

Quote from LittleSnitch:

> Little Snitch for Linux is built for privacy, not security

What's your definion of malware in this context?

Ads, trackers, general boost to privacy. Not every protection tool is just about malware.

Yeah I will also be safe if I never turn on the PC, but some of us use computers to do actual work.