LineageOS sends connectivity checks, time adjustment requests and system webview (chromium by default and not easy to change) data to google servers as far as I know. Are you sure it doesn't send anything to google? On the other hand, there is an app Invizible Pro on FDroid, which is perfect to prevent such connections. Maybe you assume the user will install it?

I will try it, thank you :)

No, it wasn't at the time of recording. It was a confirmation later on that tor and network manager were the only apps using the ports with brave opened.

Does also your computer connect to Amazon, Hetzner, 1337 Services GmbH, Evanzo GmbH and ThomasFamilyInvestments without a reason?

Thank you for the informations. There were nothing in the foreground but tor was apparently running in the background. But I'm still not sure if these services were all due to Tor. I need to run another record I guess

Thanks for the informations. This clarifies a lot.

i only have these over long term but brave was closed when recording:

Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp ESTAB 0 0 192.168.1.100%wlan0:68 192.168.1.1:67 users:(("NetworkManager",pid=1065,fd=27))
tcp ESTAB 0 0 192.168.1.100:57728 185.246.86.175:9001 users:(("tor",pid=1143,fd=16))
tcp ESTAB 0 0 192.168.1.100:60406 54.36.178.108:443 users:(("brave",pid=5153,fd=27))
tcp ESTAB 0 0 192.168.1.100:40606 89.58.56.112:587 users:(("tor",pid=1143,fd=12))

so am i running a relay in the background although tor browser is closed?