I gave some background on the use-case in Restrict exposure of full name to certain groups. We are using Discourse to facilitate discussion about local public schooling; the target userbase is primarily parents and other local community members. We want to strike a balance:
- On the one hand, make the site open to anonymous browsing (so that search engines can index it, so it is accessible even to non-members, so it is open/transparent as a matter of principle, …)
- On the other hand, avoid unnecessarily making personally-identifiable information available to crawlers and drive-by non-members — we want to let people share their names within the community and want to address the cagey-ness a lot of people have in doing so.
Originally, it looked like disabling “Display name on posts” and enabling “Hide user profiles from public” would take care of blocking name-leaks to anonymous users — but then we realized that it doesn’t. (And we already promised people via TOS and FAQ that we would. 
)
Denying full-name access to just anonymous users would get the job done. But, since it is really just as easy to key the access to group-membership, I figure might-as-well do that — which opens up the possibility, on our site, to restrict access to >=TL1, which is even better. (Currently, we require an invite to sign-up, but we want to get rid of that.)
In looking into this issue/topic, I’ve seen other mentions of same or similar asks, e.g., “we only want so-and-so group to be able to see names”… so this would take care of those uses, too.
A question for you (which you might even consider a product question!):
- Is the
enable_namessetting intended to mean “Do not show full names to users.” or rather “This site does not use full-names, period.” ?
I get the feeling (from the code itself, and from topics/issues like this one) that there is an underlying lack of clarity on this point — and some folks have understood it one way, and some the other.