[bigiain]

Keep in mind your browser isn't the only app you're running that makes network connections, and it's not even the only app that makes network connections that runs network-supplied javascript. I wonder how much research has been done into Electron apps like Slack and Whatsapp from a javascript exploit point of view?

[geofft]

I don't run the Electron apps because I just don't trust them - I already have a perfectly good and secure thing for running JS, it's my browser. :-) I agree that they're a huge attack surface.

The only other things that should be making connections are OS update checks, which should be secure already, and an SSH or mosh client.