Even if I start Confluence with -Dconfluence.disable.peopledirectory.anonymous=true, it is still possible to browse individual users by visiting a URL like https://[wikiBaseUrl]/display/~[accountName].
This is a major security problem for us because it exposes:
1. The user's name
2. The user's ID
3. The user's email address
Evidence of the data leakage can be found by searching Google on the account name of people in the People Directory.
Because of this problem, we had to disable all anonymous access to our system, and I am dealing with fallout from reduced institutional confidence in Atlassian Confluence.
"Best security practices" should require this information not be made available anonymously without a sysadmin override.
Also, it should also be easier for administrators to restrict access than by hacking the registry (for Windows Service-based installs) or modifying setenv.bat.
I set priority to "critical" because:
A. This has negatively impacted our use of Atlassian. I had to disable anonymous view privileges on wiki spaces that we needed to be exposed to the world (like our Help Desk wiki space).
B. This is a security hole.