It is missing an important route of privacy leaks: automated media loading.
As it is right now, clients connect to arbitrary web hosts to load embedded media in posts or DMs. The owner of that server can again see your IP address, but unlike with relays, you do not control which servers you connect to when loading media.

There has recently been a campaign @Ostrich McAwesome to link pubkeys to IP addresses by sending a DM with a customized tracking link which clients automatically open because it disguises itself as an embedded picture.
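
A client-side mitigation for the leak described above, as an added example that is not part of the original post or any client's actual code: decide per URL whether embedded media may load automatically or must wait for a click. The function names, the policy shape, and the sample events are assumptions; DM content is assumed to be already decrypted.

```javascript
// Added example: media-loading policy for a Nostr client (all names hypothetical).
// Nothing is fetched here; the functions only decide what the renderer may do.

const MEDIA_EXT = /\.(png|jpe?g|gif|webp|svg|mp4|webm|mov)$/i;

// Extract http(s) URLs from note text whose path looks like embedded media.
function extractMediaUrls(content) {
  const urls = [];
  for (const raw of content.match(/https?:\/\/[^\s<>"']+/g) || []) {
    try {
      const u = new URL(raw);
      if (MEDIA_EXT.test(u.pathname)) urls.push(u);
    } catch {
      // Not a parseable URL: leave it as plain text.
    }
  }
  return urls;
}

// policy.trustedHosts: Set of media hosts the user chose to auto-load from.
// policy.follows:      Set of pubkeys the user follows.
// Returns one decision per media URL; "placeholder" means click-to-load,
// so no request (and no IP disclosure) happens until the user opts in.
function planMedia(event, policy) {
  const isDm = event.kind === 4; // kind 4 = encrypted direct message (NIP-04)
  const known = policy.follows.has(event.pubkey);
  return extractMediaUrls(event.content).map((u) => {
    if (isDm && !known) {
      // Anyone can DM anyone, so a stranger's link is never opened automatically.
      return { url: u.href, action: "placeholder", reason: "dm-from-stranger" };
    }
    if (!policy.trustedHosts.has(u.hostname)) {
      return { url: u.href, action: "placeholder", reason: "untrusted-host" };
    }
    return { url: u.href, action: "auto", reason: "trusted-host" };
  });
}

// Constructed sample data (not real hosts or keys).
const samplePolicy = {
  trustedHosts: new Set(["media.example"]),
  follows: new Set(["alice-pubkey"]),
};
const sampleNote = { kind: 1, pubkey: "alice-pubkey",
  content: "see https://media.example/cat.png https://tracker.example/p.png?id=abc123" };
const sampleDm = { kind: 4, pubkey: "stranger-pubkey",
  content: "https://media.example/pic.jpg" };
```
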