Yes, the social souroundings of your node need to be tight as well, to ensure your identity is anonymous and protected. Recalled a couple of options I forgot yesterday, wanted to mention them since they are important:

• don't use public mempool sites to look up tx's. this could allow malicious sites to relate your identity (IP) to tx. Better always use your local mempool instance from your node
• don't use umbrel. Better go for a bare-metal setup, where you only install what you need, and everything is validated by the open source community. Raspibolt is a key here, and has most of the apps you may be used to use as install guide (including mempool, see above)
• you may ditch twitter and telegram completely, and go full #nostr. It's a vivid bitcoin and lightning community, and helps you to stay completely anonymous and away from centralised social media services

On your last question on OS updates: This was more about security, not about privacy per se. But if your security is weak, it creates attack vectors to expose your identity, too. So keep a natural habbit keeping your OS up-to-date secures your stack and your identity. One more thing: #raspiblitz has everything Tor'ed (even OS updates), so your ISP basically doesn't know shit about you

• running bitcoind
• running a linux system
• transacting with lightning

The drawbacks are speed and reliability as @1fatmess mentioned further below. But as long speed is not a key factor, tor is a great obfuscation method.

Hope this helps and adds to your research list