While true to an extent, this is a bit of short sighted view to where the risk of using an end of life OS is coming from. As a regular user a entirely remote attack is unlikely regardless of what OS you're using (although that's assuming you're not running a router which hasn't received a firmware update for 10 years, you aren't using uPnP and that you haven't badly misconfigured your network such as placing your device in the DMZ).
The real risk has always come from the applications that you're running, and the web services that you're accessing. Having an up to date web browser is all very well but the sandboxes they use to try and minimise the risk of malicious code accessing your system are only as strong as the underlying operating system that is orchestrating those processes. If you look at the
Chromium sandbox they're very clear that "The sandbox cannot provide any protection against bugs in system components such as the kernel it is running on.", and additionally if you
look at the description of the features you'll note that the effectiveness of the sandbox only continues to increase as you move to more recent OS versions which have added functionality their sandbox can leverage.
Whatever you use - Windows, Linux, Mac - you're always going to be at the risk of vulnerabilities in the OS. By using a supported OS version and keeping it up to date you're doing everything that you can reasonably be expected to do in order to minimise that risk to your system and to your personal data. If you use an end of life OS that risk is only ever going to continue to grow month by month. If you're happy to take that risk then good luck I guess.