Also, if you want to prevent tracking at the USPS -- ship the phones in unmarked boxes with postage purchased with cash. Don't use a return address and randomize the post-offices drops you utilize to send the packages.
When the phone is turned on, the phone communicates with cell towers. This can approximate your location. To be truly anonymous (as much as possible) you should have the phone cut ALL communication with the cell towers. When you make the call, the antenna turns on, call is made, antenna turns off.
Additionally if the phone can be configured to use wifi for phone calls, then ideally you decrease the possibility of the location being tracked.
If the phone is on in theory authorities should be able to pull records from the cell companies and track every place the carrier of the phone visited.
For added shipping security always ship from a VERY high volume shipping place. This way its hard to isolate your package, but not impossible.
Using the existing phone network? Probably not easily.
I think the ideal way would be to make the device a passive satellite receiver. Then when a phone call arrives for your device, the satellite broadcasts a message which your device can passively receive which tells it to wake up and get on the cell network.
In theory you can do this with cell towers (it's how pagers work -- you may even be able to reuse the existing infrastructure), but in that case you either have to know somehow which tower is in range of the device (which obviously leaks the device's general location) or you have to broadcast on all towers everywhere (which, as wireless bandwidth increases, becomes increasingly practical since the incoming call message would have nearly trivial length).
If you control both the tor entrance and exit nodes, you can unmask the user. Statistically, controlling 300 nodes (~1% of the network) should be enough to unmask a large number of users. It is not hard to spin up a whole bunch of servers to the mix, and I would find it very hard to believe that the NSA/similar does not already control a substantial portion of the network.
Why is turning away business smart - don't prepaid cards get authed the same way normal cards do? Are they commonly associated with fraudulent orders? I am genuinely curious, they seem like they would be generally safe for merchants to accept online.
They're generally associated with fraudulent orders in a lot of markets. They're easy to get and hard to trace, and limit the liability of the person doing it. I've heard that they're common to use for buying resealable goods to launder smaller amounts of money.