How to reliably identify a troll with suspected multiple user accounts?

Butt-tagging the browser is almost certainly the least-worst way of identifying abusive people who are in that narrow band of “smart enough to change usernames / IPs but not smart enough to switch browsers and/or clear their cookies”. Whether that band contains enough people to make it worthwhile to build that tracking into core (or even provide it as a plugin, which would go some way to alleviating the privacy implications, because it wouldn’t be on-by-default) is another question…

The more advanced (and much more tricky, technically) approach is to use “browser fingerprinting” (as demonstrated by the EFF’s Panopticlick project), which prevents the abusive person from clearing their cookies to avoid being tracked across their accounts, but doesn’t prevent switching browsers.

Either way, the way I’d approach it is that when a new user is registered whose signature (either the same cookie value, or browser fingerprint) matches a currently suspended/banned/whatever user, mods are notified (and, optionally, the user is temporarily blocked, if you’re under sustained troll attack). The user can then be whacked or paid close attention to, as appropriate.

To at least put a fig leaf over the privacy concerns, I wouldn’t allow mods to answer the question, “which users share the same signature?”. Admins, of course, can dump the DB, so there’s no point trying to actively prevent them from answering such questions, although I don’t see a particular need to give them a simple way to query this, either.

8 Likes
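The registration check described in the post above, sketched in Ruby as an added example; it is not part of the original post and not the forum software's own code. The class `SignatureWatch`, its method names, the HMAC-based storage of signatures and the wording of the moderator notice are all assumptions made for illustration.

```ruby
require "openssl"
require "set"

# Hypothetical in-memory stand-in for the forum's user table and mod queue.
class SignatureWatch
  attr_reader :mod_notices

  def initialize(server_key, block_on_match: false)
    @server_key = server_key          # secret kept outside the database
    @block_on_match = block_on_match  # enable during a sustained attack
    @tags = {}                        # username -> Set of signature tags
    @suspended = Set.new
    @mod_notices = []
  end

  # Store only a keyed hash of each signature (an assumption of this sketch),
  # so a DB dump alone does not yield raw cookie values or fingerprints.
  def tag(kind, value)
    OpenSSL::HMAC.hexdigest("SHA256", @server_key, "#{kind}:#{value}")
  end

  def suspend(username)
    @suspended << username
  end

  # Called at registration. Returns :ok, :flagged or :blocked.
  def register(username, cookie: nil, fingerprint: nil)
    new_tags = Set.new
    new_tags << tag(:cookie, cookie) if cookie
    new_tags << tag(:fingerprint, fingerprint) if fingerprint
    # Compare only against currently suspended accounts, never all users.
    hit = @suspended.any? { |name| @tags.fetch(name, Set.new).intersect?(new_tags) }
    @tags[username] = new_tags
    return :ok unless hit
    # The notice names only the new account; there is no method that answers
    # "which users share this signature?" for moderators.
    @mod_notices << "New user #{username} matches the signature of a suspended account"
    @block_on_match ? :blocked : :flagged
  end
end
```

Two ordinary users who share a browser are never reported, because the comparison runs only against suspended accounts and the class exposes no lookup by signature.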