diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 3d76074..3107ff6 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -456,8 +456,12 @@ function user_template_preprocess_default_variables_alter(&$variables) {
 function template_preprocess_username(&$variables) {
   $account = $variables['account'] ?: new AnonymousUserSession();
 
+  $variables['profile_access'] = \Drupal::currentUser()->hasPermission('access user profiles');
+
   $variables['extra'] = '';
-  $variables['uid'] = $account->id();
+  if ($variables['profile_access']) {
+    $variables['uid'] = $account->id();
+  }
   if (empty($variables['uid'])) {
     if (theme_get_setting('features.comment_user_verification')) {
       $variables['extra'] = ' (' . t('not verified') . ')';
@@ -469,8 +473,14 @@ function template_preprocess_username(&$variables) {
   // unsanitized version, in case other preprocess functions want to implement
   // their own shortening logic or add markup. If they do so, they must ensure
   // that $variables['name'] is safe for printing.
-  $name  = $account->getDisplayName();
-  $variables['name_raw'] = $account->getUsername();
+  if ($variables['profile_access']) {
+    $name = $account->getDisplayName();
+    $variables['name_raw'] = $account->getUsername();
+  }
+  else {
+    $name = t('Invisible user');
+    $variables['name_raw'] = t('Invisible user');
+  }
   if (Unicode::strlen($name) > 20) {
     $name = Unicode::truncate($name, 15, FALSE, TRUE);
     $variables['truncated'] = TRUE;
@@ -479,7 +489,6 @@ function template_preprocess_username(&$variables) {
     $variables['truncated'] = FALSE;
   }
   $variables['name'] = $name;
-  $variables['profile_access'] = \Drupal::currentUser()->hasPermission('access user profiles');
 
   $external = FALSE;
   // Populate link path and attributes if appropriate.