Suggestion: Warn users against using E2EE services as a webapp or in a web browser.
Session does not support PFS, so the issues that come with using something insecure like OpenPGP apply to it. I would therefore recommend removing it altogether, as users have a general tendency to be “extremists” (no ph. no. requirement) without analyzing a lot of underlying stuff.
Recommend users against turning on too many filter lists as this may be a security concern.
Overall a good blog! Keep up the good work!