I recently read a thread on reddit titled “A Privacy & Security Concern Regarding GNOME Software” that addressed a few issues regarding the fwupd daemon. The developer eventually responded and was able to justify and debunk most of the claims made against his software. However, that prompted me to have a closer look at the traffic originating from GNOME Software.

So I was minding my own business while connected to my VPN service when I noticed several blocked outbound network connections appearing in my firewall log. For some reason my wifi adapter (wlp3s0) was trying to connect directly to the internet without having traffic routed through my VPN interface (tun0). Was this my reward for not reviewing AUR PKGBUILD files, or was there another explanation as to why wlp3s0 wanted to disclose my real IP address?