You know, I don't really know how you would check for that. It is a source of paranoia for me as well... I recently found a Linux distro called Dynebolic Linux which has OpenSnitch preconfigured on the ISO... It reminds me of the old ZoneAlarm for Windows. I'm debating between SplitLinux, NixOS w/WayDroid, Kicksecure, Dynebolic or Qubes as my "secure" daily driver. To get really paranoid, one must deploy a network intrusion system methinks. Maybe SELKS or some such server Linux?