Is this in any way surveillable? Surely this wouldn’t stop middle man attacks or ISP bulk collection?

There are many different layers at which man-in-the-middle attacks or mass surveillance can happen.

For looking up domains:
Depends on if you’re running your own Blockstack node or not. If you’re running your own Blockstack (full) node then all your domain queries are local then it’s hard to man-in-the-middle or track them (without taking over your machine, in which case you don’t have any privacy anyway).

For your data:
We store encrypted data on the cloud providers that you connect and the data is encrypted in-flight as well as at-rest. We verify the signatures on the data with the bindings registered on the blockchain, so it’s hard for someone to give you “fake data” and pretend that it came from the author of that data. You also need to be careful about meta-data leaking even if the data is encrypted. Meta-data visibility is an important topic of the design of Gaia, the storage system of Blockstack.

Sweet, OK well I have a couple of follow up questions:

What encryption methods are you using?

Will you be developing methods to personally monetise your own data in a sense of flipping the current data mining paradigm on its head?