THREAT MODEL & ARCHITECTURE
PROTOCOL VERSION: 9.2 // CLASSIFICATION: PUBLIC
1.0 THE LINKABILITY PROBLEM
In standard cellular networks, a user's identity is triangulated through three persistent identifiers. If an adversary controls any one of these data points, they can unmask the user's real-world identity.
THE "STANDARD" CARRIER MODEL
- Billing ID (The Money): Credit card usage links the account to a legal name and address.
- Network ID (The SIM): The IMSI (International Mobile Subscriber Identity) is permanently linked to the Billing ID in the carrier's HLR (Home Location Register).
- Hardware ID (The Phone): The IMEI (International Mobile Equipment Identity) is broadcast to the tower alongside the IMSI.
The Result: When your phone connects to a tower, the carrier logs: "John Doe (Credit Card) using iPhone 13 (IMEI) is located at [GPS Coordinates] (Tower)."
2.0 THE VNSH SOLUTION
VNSH functions as a Financial Air-Gap. We break the chain of custody between the "Money" and the "Network ID."
2.1 FINANCIAL DECOUPLING
We acquire roaming inventory in bulk using non-attributable offshore corporate entities. These SIMs sit in our "Blind Pool." To the global carrier, they are simply unassigned inventory units.
When a user purchases an eSIM from VNSH, they use Bitcoin or Monero. These currencies have no intrinsic link to a physical identity (if managed correctly).
2.2 THE BLIND HANDOFF
Unlike competitors who require email accounts (creating a paper trail), VNSH uses a Zero-Knowledge Delivery System.
- No Accounts: We do not have a user database.
- No Logs: Our Nginx server runs in-memory with access logs disabled.
- Sequential Assignment: Our SQL logic assigns the next available SIM sequentially. There is no way for an admin to "target" a specific user with a specific compromised SIM.
3.0 OPERATIONAL SECURITY (USER RESPONSIBILITY)
VNSH protects the Financial Link. However, we cannot protect against physics. If you use this tool incorrectly, you will de-anonymize yourself.
3.1 THE IMEI CONTAMINATION RISK
CRITICAL WARNING: If you insert a VNSH eSIM into a phone that has ever been used with a SIM card registered to your real name, you are compromised.
Carriers maintain historical logs of IMSI-IMEI pairings.
- Scenario: You used AT&T on your iPhone for 2 years. AT&T knows that IMEI 12345 belongs to "John Doe."
- Mistake: You put a VNSH Anonymous SIM into that same iPhone.
- Leak: The cell tower sees "Anonymous SIM" inside "IMEI 12345." The carrier database automatically links the new SIM to John Doe.
THE FIX: You must use a dedicated, clean device (e.g., a cash-bought Pixel or a travel router) that has never touched a SIM linked to your identity.
3.2 BEHAVIORAL CORRELATION
Even with a clean phone and anonymous SIM, your traffic can identify you.
- App Telemetry: If you log into your personal Google Account, iCloud, or Facebook, those apps send your IP and Location to their servers. The anonymity is gone.
- Location Pattern: If a "Ghost Phone" spends 8 hours every night at your home address, it is statistically probable that it belongs to you.
THE FIX: Treat the device as "radioactive." Keep it in a Faraday bag when not in use. Never bring it to your home or workplace if your threat model involves state-level adversaries.
4.0 DATA DESTRUCTION POLICY
We operate under a "Toxic Waste" data policy. Customer data is a liability, not an asset.
- The Reaper: A server-side daemon runs every 5 minutes. It scans for expired orders and executes a hard
DELETE on the SQL rows.
- The Bank Purge: Our BTCPay Server is configured to prune invoice metadata after 48 hours.
- Burn-on-View: Users may opt for immediate deletion upon viewing the QR code, leaving a 0-second retention window.