Note that you might also want to look at network firewalls which stop whole network protocols from doing stuff.
Application firewall, with emphasisis on outgoing connections and very nice UI/monitoring.
As soon as you’re connected to the Internet, applications can potentially send whatever they want to wherever they want. Most often they do this to your benefit. But sometimes, like in case of tracking software, trojans or other malware, they don’t.
But you don’t notice anything, because all of this happens invisibly under the hood.
opensnitch is an open port of Little Snitch. It has dicey reviews but looks much better than nothin’.
AppArmor, the preferred ACL system of Ubuntu is in effect an application firewall, in that it controls access to resources for processes including network resources.