That's a good idea - you can also configure a local bind/dnsmasq/unbound server to block based on these lists with ACL's (sure if you google each you'll find tutorials, like this one: https://github.com/jodrell/unbound-block-hosts)
Some of the better home router distros will also do this at the local network level
1Password relies upon a single, strong password for your "vault", which is vulnerable to sniffers and intermittent surveillance.
I don't understand why they don't offer (at least) 2-factor key for the vault.
Also, they support TouchID on iOS devices, very useful. But in the US, at least one case of someone being legally required to unlock via TouchID, whereas offering up a passcode is still debatable.
So at least offer a short PIN-and-TouchID, and support some 2-factor like Googly Authenticator.
They must have at least considered these things. I don't understand any security issues with this. Implementation is work, and perhaps a support hassle for them.
This is pretty much the nature of password managers. That password is only ever entered locally. If an attacker can grab local keystrokes, it's game over anyway.
>they don't offer (at least) 2-factor key for the vault
Neither TOTP nor any kind of push/SMS token can be used to secure data at rest. These are mechanisms to authenticate to a server. You could have "2 factor" for data at rest by storing part of the key separately, but there'd be nothing dynamic about it; copying the key material once would be sufficient to use it forever.
LastPass offers 2-factor to authenticate to the LastPass website, but your vault is cached encrypted on the client side, and such a cached copy can be opened using only the master password. (IIRC there is an option to disable this, which works by erasing the cached copy at the end of a session. Hardly bulletproof, and precludes having any sort of backup resilient to the failure of LastPass itself).
2. I do that. In addition I use this: http://winhelp2002.mvps.org/hosts.htm I have a python script that builds a host file from several sources.
4. Most readers here should be able to build their own router with a banana pi and IPfire