Hi.
I’ve just noticed that every user has access to statistics on /users page where it’s shown how many times every user visits and how many posts he/she reads and views. It’s indeed useful info but I doubt it should be available publicly by default. Anyway is there any way to limit availability of visits/reads/views stats for every user?
Closest you can get is: hide user profiles from public site setting, if you want to protect this info.
Short of that there is no way of removing this information from the payloads, you could create a custom CSS rule to hide the bits you do not want to easily expose.
I see, but are you sure it’s a good idea to show such info be default? How about introducing a new option show user stats. It could be not just a boolean but trust level meaning starting what trust-level users are allowed to see other users stats (there should be possible to set moderators and admins only).
BTW hide user profiles from public means “Disable user cards, user profiles and user directory for anonymous users”. I set it on, thanks (again I’m sure it should be true by default). But it only restricts accessing info for non-authenticated users. For logged-in users it will be available.
I dont quite understand what is gained by someone being able to see this - yes you can see how many posts that have been read etc and how many times they have logged on but is it really a privacy issue?
I believe it is as it exposes users activity in real life.
Would you agree if Facebook shows your such activity publicly (when you logged on, how many posts did you read, how long did you stay reading, etc).
It’s not so much as “exposes” as “makes easily available”. You can get the same (or similar depending on hidden topics) information by just crawling the site.
not sure that I understand you,
how will you know a user’s last login time by crawling the site?
last_seen_at:2017-03-20T21:48:54.722Z
You could guess by finding a members last post.
But if you’re talking about the Users page, last log-in isn’t given there either.
Personally, I don’t consider my “activity” stats to be a privacy concern. I certainly wouldn’t want my email address or password to be available to members. Nor would I want my Preference Settings to be easily found (less a concern). But I have no problem with what shows on the User page or my Profile
I agree that this should be somewhat private. Maybe number of likes received or given could be displayed but definitely not login times. Even if one can get them by crawling, at least we reduce the availability of such info by removing them or at least give the user the option to show or hide it.
I would also love to see a more granular control over the public user data. Especially public time-based metrics that can be used to get user in trouble should be optional.
One page which i think should be private is the invites tab. I don’t think anyone else should see who you have invited, etc.
Users can opt to disable their profile page in their preferences now, under Interface:
Hide my public profile and presence features
Yes, but it would be cool to show your public profile and hide your presence features. 
Is there a way to have this option, to hide the public profile, enabled by default for new users ?
I agree. Hiding the profile altogether is the atomic option. There should be some middle ground between “post privacy, I’ve nothing to hide” and “I’ll tell you nothing about me”.
This was requested and would also be much appreciated by users of our new (scientific) forum. We have added equipment user fields that they want to be able to see, but they are rather shy about having to expose their activity…