you can check the process to see if its communicating at all. none of the big ones do. its possible someone could be fucking with the file though, before the safetensors format this was a big issue, and still sort of is afterwards. only DL from reputable sources

Deny it internet access

It’s not the model that would be sending telemetry - it’s the runtime that you load it up in. Ollama is open source wrapper for llama.cpp, so (if you have enough patience) you could inspect the source code to be sure. Regarding running it in sandbox: you could, and generally it does not add any tangible overhead to the tokens per second performance, but keep in mind that in order to give the model runtime (ollama, vllm and the like) access to your GPU you usually need some form of sandbox concessions like PCIe passthrough for VMs or running nvidia’s proprietary container runtime plugin. From my measurements, there is zero difference in performance when running a model loaded in a GPU on baremetal, a docker container with nvidia container runtime or a proxmox VM with PCIe passthrough. Model executes on GPU itself and barely uses any CPU (sampling and loras are usually CPU operations). vLLM does collect anonymized usage stats. Since it’s open source - you can actually see what’s being sent (spoiler: it’s pretty boring). As far as I know, Ollama has nothing like that. None of the open source engines that I know of are sending your full prompts or responses anywhere though. It doesn’t mean they will keep being like that forever or that you should be less vigilant though 👍

LLMs are not different from any other type of software. Is there a privacy policy you can refer to? Can you monitor the network to see of it is trying to communicate with anything? If you want to be sure, just block internet access. This seems to be open-source so you could also just search for the phone-home code and remove it if it exists.