Curiously, while Verizon has been tracking users' online activity for two years, it was only last week that people started noticing that Verizon was using a controversial sort of "super cookie" that modifies user traffic to uniquely identify users. This Unique Identifier Header, or UIDH, broadcasts your identity across the web -- and remains -- and can be abused -- even if you opt-out of Verizon's programs.
That's a huge problem, notes Stanford lawyer and computer scientist Jonathan Mayer, who writes that broadcasting that unique identifier is rather ham fisted
Verizon isn't the only carrier doing it. @kennwhite noted on his sniff page the following carriers his tool will identify: AT&T, Verizon, Sprint, Bell Canada, & Vodacom.
You can check to confirm if your device's requests are being injected at http://lessonslearned.org/sniff
**Edit: It has been confirmed that T-Mobile doesn't inject UID into http traffic. Note that these carriers can only inject into HTTP traffic, so any site that uses HTTPS will be protected from this. Larger sites like Amazon, Facebook, Yahoo all use HTTPS, effectively protecting you from this nonsense.
So glad I moved to T-Mobile two years ago.