This is a scary use of ajax: to view the browser history of all your site's visitors.

Spyjax exploits a simple feature of all browsers: changing the color of links for sites you've visited. A piece of javascript on a webpage can view the color of these links to determine whether you've visited a site. This can't just extract your entire browsing history, since it needs a predefined set of URLs to test - thanks to ajax, however, thousands, even tens of thousands of URLs can be tested in a matter of seconds. You could test the top 10,000 sites in Alexa, for instance, to see which sites an individual user has visited. You can even get a SpyJax widget to show your visitors all the data you're harvesting from them.

There's no doubt that this is extremely sneaky and visitors wouldn't be at all happy if they found out. There are two unsatisfactory solutions if you don't wanted to be SpyJax'd: clear your browser history, or disable javascript all together. Surely this should e considered a security flaw?