For my own purposes, I've been gathering some links on uses of "header enrichment" (a lovely, Orwellian term), which I hadn't realized was the term typically used to describe network-level insertion of user identifiers (or potentially other information, like billing information) into outgoing network traffic.
- ProPublica article
- Cisco whitepaper on header enrichment (revenue generation through types of advertising) and packet inspection (to allow tiered pricing based on type of usage of network services)
- Juniper documentation of X-MSISDN header
- 4GAmericas paper on value-added services, noting the potential problems of SPDY/HTTP2 encryption which can interrupt insertion of headers and inspection of traffic
- Similar whitepaper from ATIS/OWA
- OpenWebAlliance, group created by Alliance for Telecommunications Industry Solutions for stakeholder discussion of proxies in response to SPDY/HTTP2
- T-Mobile Netherlands documentation of the X-ASID header "Anonymous Subscriber ID" (2008)
- Jonathan Mayer with an overview of the Verizon header
- Erosion of the moral authority of middleboxes Internet-Draft: in particular, see:
This document discusses several reasons why the legitimacy of these use cases is undermined in the minds of some who build products for the Internet.
- IETF Memes on header enrichment (a newcomer to the memes-about-standards space)
We've been talking about this practice in one way or another in the privacy community for years, without common terminology. The push to end-to-end encrypt more web traffic in response to Snowden revelations has spurred active reactions from some middleboxes/network providers who are simultaneously trying to find new sources of revenue.