1). While an additional password can be added just for Access Control, the current device management password has privileges to do everything to the device, including wipe out all settings (i.e., reset the device). So this won’t help you in your scenario.
2). The router allows pretty complex rules to be defined. We think it’s more concise to use URL patterns to define the rules, rather than using additional UI.
3). We can put in some limitations to deal with this scenario. Stay tuned.
4). This can’t be done. The router can not reliably distinguish TOR from proxy.
5). We can add some additional selections.
6). This is not possible. The router only knows about Internet connections, it doesn’t know which program initiated the connections. For example, when a connection to Facebook is made, the router doesn’t know whether the connection came from a browser, the Facebook app or Facebook messenger.