(Assuming these people aren't idiots). You don't know if they have any kind of reverse proxy setup beyond that. Even if they seize whatever server has the IP that Cloudflare is proxying they might just find an nginx server that's only a reverse proxy. If they alternate servers periodically and locate them in non-cooperative jurisdictions then they can prevent the government from finding anything useful. If they get kicked off Cloudflare they'll just go to DDOS-Guard. WHOIS data will probably lead them to njal.la, a person that does not exist, or some other domain nominee service. Nice right?
Coudflare is well known to tolerate even criminal activity unless they get a cease and desist order, and even then may not take action unless they get enough complaints or it's bad enough. This is why all the Russians scammers use Cloudflare when running youtube crypto scams. Same for hosting copyrighted stuff. There are countless complaints of copyright holders struggling to get Cloudflare to take action.
It's also trivially defeated by the kind of financial centralization that would necessarily follow in this kind of mass-adoption scenario: the payment processor (BitPay, Visa, MasterCard, whatever) can have a pool of Bitcoin transaction addresses that they use across all clients, and then commingle and convert client funds to USD (or whatever desired currency) before privately remitting the USD.
The payment processor itself would have perfect visibility into the revenue of the merchant, but that's already true today.
The big problem is that people have a fundamental right to financial privacy from the public, but not (in many places) a right to financial privacy from their government. But, in the crypto world it has been difficult to achieve the first without the second. You can send funds to an exchange and then send them to a different wallet but there's the risk the exchange won't let you withdraw funds, and this type of activity is flagged as an AML risk and could be cited as actual evidence of money laundering, despite it having a very clear legal motivation behind it.
I'm adding to your comment and not trying to argue (unless you want to!): There's no distinction between the public and the government. The government is made up by the public. And corporations are usually first in line anyway. Much more "public" in the cake mix right there alone.
It's hard for me to think in terms of rights. I don't know what the word even means. Legal rights? Moral rights? God-given rights? You can say I have a right not to be murdered, but that doesn't matter very much if in fact I just got murdered. All I know is that some people feel they have a "duty" for lack of a better word, to keep all their dealings as private as possible. If I were such a person, this would mean using cash, metals, and cryptocurrencies like Monero as much as possible through decentralized services. It would even mean using things like credit/debit cards to maintain a "good person" public persona. Going grey so to speak.
Not even just from the public, but imagine if making a payment to someone for $whatever, and that allowed that recipient to see whomever else you paid money to, and who paid you.
