[img src="" caption="" credit="" alt=""]
This is a scary use of ajax: to view the browser history of all your site's visitors.
Spyjax exploits a simple feature of all browsers: changing the color of links for sites you've visited. A piece of javascript on a webpage can view the color of these links to determine whether you've visited a site. This can't just extract your entire browsing history, since it needs a predefined set of URLs to test - thanks to ajax, however, thousands, even tens of thousands of URLs can be tested in a matter of seconds. You could test the top 10,000 sites in Alexa, for instance, to see which sites an individual user has visited. You can even get a SpyJax widget to show your visitors all the data you're harvesting from them.