On the top of my head:

* TOR first (maybe I2P or some other network traffic mixing net)

* EXIF removal on all meme uploads

* A proper DM implementation that doesn’t leak anything

* Local/encrypted relay list

* Local/encrypted following list

* Local/encrypted bookmarks

* Ensure that the application runs properly on TailsOS or similar privacy OSes if you’re making a desktop client