I just found this out recently. So this isn’t actually Nautilus itself but it’s the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it is supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example, if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, any third-party requests will leak out to the clearnet.

This is an open issue and I don’t expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the sushi package). On atomic distros, if Gnome Sushi is installed as a flatpak, you might be able to revoke internet permissions for it using Flatseal, though I have not tested this.

Edit: I’m aware that KDE also has file previewers, but I’m not sure if they have the same issue. If anybody else knows, please leave a comment letting us know.
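
One way to see which remote hosts a saved page would contact if it were rendered by a previewer, as an added example that is not part of the original post. The sample HTML and hostnames are constructed, and only tag attributes are inspected, so CSS `url()` references and meta refreshes are not covered.

```python
import sys
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes a renderer fetches on load, without any click.
# Plain <a href> links are left out: they only load when followed.
AUTO_FETCH = {
    "img": ("src", "srcset"), "script": ("src",), "iframe": ("src",),
    "link": ("href",), "video": ("src", "poster"), "audio": ("src",),
    "source": ("src", "srcset"), "embed": ("src",), "object": ("data",),
}

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in AUTO_FETCH.get(tag, ()):
            value = attrs.get(name) or ""
            if name == "srcset":  # comma-separated "url descriptor" entries
                urls = [p.split()[0] for p in value.split(",") if p.strip()]
            else:
                urls = [value.strip()]
            for url in urls:
                parts = urlsplit(url)
                # Relative paths resolve against the local file, so only
                # absolute http(s) URLs count as network requests here.
                if parts.scheme in ("http", "https") and parts.hostname:
                    self.hosts.add(parts.hostname)

def remote_hosts(html_text):
    """Return the sorted hostnames the page would fetch from on load."""
    finder = RemoteRefFinder()
    finder.feed(html_text)
    return sorted(finder.hosts)

# Constructed sample of a page saved for offline viewing.
SAMPLE = """<html><head>
<link rel="stylesheet" href="page_files/style.css">
<script src="https://tracker.example/t.js"></script></head><body>
<img src="page_files/logo.png">
<img srcset="https://cdn.example/a.png 1x, https://cdn.example/b.png 2x">
<a href="https://clicked-only.example/">link</a>
<iframe src="http://ads.example/frame"></iframe></body></html>"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(remote_hosts(text)) or "no remote resources found")
```

Run it with the path of a saved `.html` file as the only argument; with no argument it scans the constructed sample.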

  • tasankovasara@sopuli.xyz
    3 days ago

    Thanks for tipping the previewer’s name. Not concerned with the (valid) sec aspect personally, but I’ve accidentally hit space a couple of times since meta+shift+space is Sway’s default for floating / tiling a window and I don’t use the preview anyway. Let’s uninstall.