* DNS and TLS (SNI) don't hide domain names, so you can't hide the fact that you're using certain sites/apps, even if they're HTTPS-only.
* If the OS doesn't require NTP encryption, HSTS can be bypassed: https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-By...