Exactly. But instead of using it to try to change your UIDH within Verizon, it should encourage non-Verizon customers to just pollute the space with random UIDH values from all over the place.

And (as I previously noted) all Verizon has to do is *check the IP address of the client(!). They know the IPs they own.

Assuming that your adversary is dumb as well as malicious is a mistake.

True, but this header is presented to all sites visited. This wouldn't pollute Verizon's tracking (they could do this without the header). This may instead pollute the third parties which are taking advantage.