Hmm, how does cookie based tagging prevent people from using incognito or anonymous mode in their browser? Do we really think these people are smart enough to use a VPN to evade IP bans, but not smart enough to enter anonymous/incognito mode in their browser?
It would be a tremendous waste of engineering effort to spend a lot of time on a cookie check when all the user needs to do to evade it, is to tick the “anonymous” or “incognito” mode in their browser…
My suggestion is to lock down new account creation – temporarily require approval for new account signups – and vet each new account.