You have to decide if this is just an academic interest that you want to know out of curiousity or if you worry about a more or less targetted attack.
The only way to make sure is to inspect all traffic yourself. Not an easy feat and may require some specific hardware capability on the part of your network switch (you need a managed network switch), namely to duplicate all outgoing traffic on the machine that you are interested in analyzing.
Then you need to make yourself a certificate authority to see the encrypted(?) traffic. I havent done this myself but to my understanding, part of the thing you need to do is run PiHole and put DoH in a blacklist.
I can no longer give more info because I havent done this personally and I lack the actual know how.
If I were you, just make things simple for now and just use an air-gapped machine for your sanity’s sake.