It's not so much that browser cookies are a 'ruse', but you're right that there are other ways to track people by the masses on the internet (ways that we know about, and probably many more we don't). I think the easiest would just be for [them] to monitor your activity at your ISP level (or Cellular Data Provider for a phone). Which is partly why someone gets a VPN. But what if your VPN provider is a company that secretlly would allow an authority access to their systems and your account.
There is also 'canvas fingerprinting', which I think is a way to track you by your combination of browser type & version, OS type & version, along with your specific browser plugins & browser settings. There is also the behavioral patterns we all set, like the combination of websites we go to each day, plus those we check occassionally, plus the times of day/night we visit them, plus the automatic traffic going into and out of our computer from programs that doesn't depend on which websites you visit.
I imagine they also can patch into someones' modem or wireless router remotely, and monitor everything from there without having to go to the ISP. Any device you've connected to WiFi, remember when you typed in the router ID and password on an operating system owned by Microsoft, Google, or Apple, and in addition to being saved as a configuration on your deivce, that data is being stored and you don't know by who or where, and you don't know who they give access to it. I also suspect that all antivirus programs, whether free or paid, are passing on all our online activity and all the files on our computers to one corrupt authority or another.