I am trying to open up access of my phabricator site to my clients. With project level restriction, and spaces restriction.
However due to the nature of a large number of my clients in a particular industry i am serving, they are no stranger to scraping each other companies email addresses, names, company structure and poaching one another. To other shady things.
As such i have taken steps to prevent them from such users "discovering" other users. Such as hiding the subscriber, and assigned to field.
However as https://secure.phabricator.com/book/phabricator/article/forms/ pointed out. This is not an actual solution, it simply makes it less "obvious". As anyone can go to the comments segment, and start searching using the @mention option.
I do notice that this is actually in place on this site (perhaps not intentionally). As such this may simply be an existing, but not easily found configuration. Or a side effect of using alternative identity providers.
What i see here
What i see on my site