The ad industry is still reeling from news that Mozilla intends to block third-party cookies by default in an upcoming version of the popular Firefox browser. As companies are mulling this development, many industry watchers are wondering whether ad networks will circumvent the upcoming Firefox block -- either by tricking the browser into accepting cookies, or by using other tracking technology, like device fingerprinting or "history-sniffing." Those possibilities aren't farfetched. On the contrary, Web companies have tried almost every technique in the book to track people. Consider -- Stanford grad student Jonathan Mayer reported one year ago that Google, PointRoll, Vibrant Media and WPP's Media Innovation Group were circumventing Safari's default settings by tricking that browser into accepting third-party cookies. Before that, other companies including Epic Media Group used "history-sniffing" to figure out which other sites users visited in order to compile marketing profiles of them. History-sniffing technology exploits a browser feature that changes the color of links after users visit them. Ad networks and other companies that use the technology are able to determine which sites users have previously visited. And even before history-sniffing came to light, a host of companies were storing tracking information in Flash cookies -- which remained on users' hard drives after they deleted their HTML cookies. Most of those companies faced a wave of bad publicity, not to mention lawsuits, but no court has ever said that the techniques were in themselves illegal. Federal Trade Commission representatives blasted some of those tracking initiatives, but the agency has only acted when a company allegedly deceived users -- such as by lying to them in the privacy policy. For instance, after news broke about the Safari hack, the Federal Trade Commission extracted a $22.5 million fine from Google. But the FTC didn't target Google for the hack in itself, but because the search company had violated its privacy policy, which represented that using Safari prevented tracking. If Google hadn't made that statement, the FTC wouldn't have had a case. Likewise, the FTC brought an enforcement action against Epic after reports surfaced about the company's use of history-sniffing. Again, the FTC didn't allege that history-sniffing was an unfair or deceptive practice. Instead, the agency argued that Epic deceived users by failing to state in its privacy policy that it used history-sniffing techniques. That omission could have affected consumers' decisions about whether to use Epic's opt-out tool, the FTC said. In other words, as long as companies disclose their practices, they might be on safe legal grounds. That doesn't mean that circumventing settings in order to track people is a good idea. If nothing else, it violates users' assumptions about how their data is being collected and used. When they discover the truth -- as they inevitably will -- some proportion will be more inclined than ever to support restrictions on companies. Still, some observers think that the need for data is so strong that ad networks will go to any lengths to obtain it. Jim Brock, CEO of PrivacyChoice, says the ad industry tends to accept "invasive technologies" such as device fingerprinting -- which users have no easy way to prevent. "If third-party cookies really cease to provide a tracking platform, it will be replaced with others," he says in an email to MediaPost. "It's like air rushing into a vacuum."