diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 1394b23..295d3d4 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -457,9 +457,13 @@ function user_template_preprocess_default_variables_alter(&$variables) {
  */
 function template_preprocess_username(&$variables) {
   $account = $variables['account'] ?: new AnonymousUserSession();
+  $variables['profile_access'] = \Drupal::currentUser()->hasPermission('access user profiles');
 
   $variables['extra'] = '';
-  $variables['uid'] = $account->id();
+
+  if ($variables['profile_access']) {
+    $variables['uid'] = $account->id();
+  }
   if (empty($variables['uid'])) {
     if (theme_get_setting('features.comment_user_verification')) {
       $variables['extra'] = ' (' . t('not verified') . ')';
@@ -471,8 +475,14 @@ function template_preprocess_username(&$variables) {
   // unsanitized version, in case other preprocess functions want to implement
   // their own shortening logic or add markup. If they do so, they must ensure
   // that $variables['name'] is safe for printing.
-  $name  = $account->getDisplayName();
-  $variables['name_raw'] = $account->getUsername();
+  if ($variables['profile_access']) {
+    $name = $account->getDisplayName();
+    $variables['name_raw'] = $account->getUsername();
+  }
+  else {
+    $name = t('Invisible user');
+    $variables['name_raw'] = t('Invisible user');
+  }
   if (Unicode::strlen($name) > 20) {
     $name = Unicode::truncate($name, 15, FALSE, TRUE);
     $variables['truncated'] = TRUE;
@@ -481,7 +491,6 @@ function template_preprocess_username(&$variables) {
     $variables['truncated'] = FALSE;
   }
   $variables['name'] = $name;
-  $variables['profile_access'] = \Drupal::currentUser()->hasPermission('access user profiles');
 
   $external = FALSE;
   // Populate link path and attributes if appropriate.