The simple explanation for why online petitions are a waste of bandwidth?

No way to tell whether the petition signatures are real or just a bunch of kids playing games.

They have no legal standing at all, unlike a petition you actually sign in person for a ballot initiative.

IP addresses, MAC addresses, route traces can all be spoofed. If you put more security on your site to avoid it, hackers just view it as a new challenge. This results in no way to tell whether the petitioner's collection of signatures is genuine.