1. There is always an analog hole. If you are interacting with a device outside your brain, then whatever you are doing exists in an unencrypted state and can be observed, even if your private key is inside a safe "compartment". Yes, you can interact inside a properly shielded and otherwise uncompromised room, but few people outside of professionals are ever going to do that. More realistic is that you will interact on a smart phone in public (or within sight of a window) and much of what you do will be observed by cameras or other surveillance devices. From there is is a small matter of archiving and search technology to find the recordings of your activity.

2. There are ways of getting your transactions out that don't require direct IP communications at all. The bar to find some way to do that is really very, very low. (As opposed to, say, interactively browsing a web site, which is a much tougher problem to solve.)

3. Monero can be made very resilient to network-level surveillance, because of its end to end properties, similar to Zerocash. It won't be as good in terms of theoretical zero-knowledge properties, but it has a much better cryptographic and engineering margin of safety in practice. Yes there are potential weaknesses but they can be mitigated (for example by being careful how you respend your own change). It is already probably possible to do this with the existing tools as a careful and sophisticated user. We can make it easier for normal users (as in my analogy of how good end-to-end encryption exists today even though most users don't understand how it works or how to do it).