Interesting, but this method is limited to the URLs that you list in the JavaScript (in this case linklist.js). More of a specific validation to see if the user has visited the links you provide rather than a total data scrape.
To fully scrape the user's history you would have to list every URL in existence.
For ad related purposes, it makes it easy to see if you've visited competitors' websites (3-5 of them), therefore meaning that you're actively looking for business, instead of just bouncing on the page with no intent of buying anything.
There are a lot of attacks like this, and it's serious enough that browsers attempt to mitigate them by e.g. preventing JavaScript from reading out the computed properties of a visited link element.
Three sites is obviously too small to do much, but if you splat in a bigger list of popular web sites you can learn a lot about your visitors.
Would have been a greater one if linklist.js contained links to more sites than GitHub, Reddit and Hacker News... I mean I could have guessed those by assuming that I visited that page via Hacker News.
To fully scrape the user's history you would have to list every URL in existence.
Great proof of concept though.