The concern I have is not for plebs. We typically run our own nodes on our own hardware and over TOR. I'm referring to services that run in Cloud providers that can get letters from 3 letter agencies. Ala Snowden...

AWS services run on hardware they control. They run hypervisors that we run our software on. I'm not sure how difficult it is for them to surveil but I imagine it is very possible and we would not know.

BIP 151 is a good start but I imagine a lot of the issues would have to be resolved on the hypervisor level