[amelius]

You can also block the updater's internet access by adding this to your /etc/hosts file:

    127.0.0.1 api.snapcraft.io

And for other updates:

    127.0.0.1 archive.ubuntu.com
    127.0.0.1 security.ubuntu.com
    127.0.0.1 mirrors.kernel.org
    127.0.0.1 deb.debian.org
    127.0.0.1 ppa.launchpad.net
    127.0.0.1 flathub.org
    127.0.0.1 dl.flathub.org

Use at your own risk of course.

[setuid]

Or you can just avoid hacking your hosts file and breaking other tools, and set your Snap and Apt proxy configuration to a non-existent value, or firewall their ability to reach those hosts.

Or configure them properly by disabling auto-updates, configure unattended-upgrades appropriately for your needs, and only update your apt packages from a known, internal mirror endpoint that doesn't change until you point it to a new timestamp.

That's how it works in the real world, in production. It's not 1994, we don't hack hosts files anymore.