Oooh, that's clever. So the mole I clicked on in the author's POC was in a position that was unique to my combination of visited and non-visited sites. The evil attacker has no way of knowing that though, until I play the "game", click on the mole, and trigger a GET request with the info. Do I have that right?
Even with JS the the attacker has no way of knowing it until a user-initatied event, such as a click. But yes, in the non-JS case it must cause a full page reload, but as pointed out in a sibling thread, that could just be on a legitimate link (like, say, a link to elsewhere on the site, just passing the data in the query string).