diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 5910938..04c3023 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -35,6 +35,10 @@ class AccountController < ApplicationController
 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
 @events_by_day = events.group_by(&:event_date)

+ if @user != User.current && !User.current.admin? && @memberships.empty? && events.empty?
+ render_404 and return
+ end
+
 rescue ActiveRecord::RecordNotFound
 render_404
 end
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index de35531..8be8228 100644
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -96,5 +96,53 @@ users_006:
 mail_notification: false
 login: ''
 type: AnonymousUser
+users_007:
+ id: 7
+ created_on: 2006-07-19 19:33:19 +02:00
+ status: 1
+ last_login_on:
+ language: ''
+ hashed_password: 1
+ updated_on: 2006-07-19 19:33:19 +02:00
+ admin: false
+ mail: someone@foo.bar
+ lastname: One
+ firstname: Some
+ auth_source_id:
+ mail_notification: false
+ login: someone
+ type: User
+users_008:
+ id: 8
+ created_on: 2006-07-19 19:33:19 +02:00
+ status: 1
+ last_login_on:
+ language: 'it'
+ hashed_password: 1
+ updated_on: 2006-07-19 19:33:19 +02:00
+ admin: false
+ mail: miscuser8@foo.bar
+ lastname: Misc
+ firstname: User
+ auth_source_id:
+ mail_notification: false
+ login: miscuser8
+ type: User
+users_009:
+ id: 9
+ created_on: 2006-07-19 19:33:19 +02:00
+ status: 1
+ last_login_on:
+ language: 'it'
+ hashed_password: 1
+ updated_on: 2006-07-19 19:33:19 +02:00
+ admin: false
+ mail: miscuser9@foo.bar
+ lastname: Misc
+ firstname: User
+ auth_source_id:
+ mail_notification: false
+ login: miscuser9
+ type: User
\ No newline at end of file
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index a6e3799..6dc61d4 100644
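Review bot: The new guard at the end of `show` answers a hidden user with the same `render_404` the `ActiveRecord::RecordNotFound` rescue uses, so the two cases look alike in the response, but not necessarily in time: the hidden-user path only replies after the membership query and the `Redmine::Activity::Fetcher` lookup have run, whereas an unknown id fails at the lookup above this hunk (outside view) before either runs. That residual timing difference is probably acceptable here, but the intent of the condition deserves a comment since nothing in the hunk states it: `# Don't reveal the existence of users the viewer shares no visible project or activity with: answer exactly as for an unknown id`. The check also relies on `@memberships`, assigned above this hunk, already being filtered to projects visible to `User.current`; if it still holds memberships in private projects the viewer cannot see, `@memberships.empty?` is false and the user is rendered anyway, so please confirm that filtering. `render_404 and return` is the established Rails idiom, so the low-precedence `and` is fine here. The `show` method begins outside the hunk.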
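Review bot: The new end of the fixture file has no trailing newline (`\ No newline at end of file` after `type: User`), which makes the next append to this file show up as a spurious change to that line; add the newline. Only user 9 is used by the new test, while users 7 and 8 are added in the same shape but referenced nowhere in this diff, so if other tests depend on them the commit message should say so, otherwise they are dead fixtures. The premise that user 9 has no membership and no activity lives in other fixture files not shown here; a comment above `users_009:` such as `# deliberately has no memberships or activity (see account_controller_test)` would keep a later fixture edit from silently invalidating that test.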
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -44,6 +44,11 @@ class AccountControllerTest < Test::Unit::TestCase
 assert_nil assigns(:user)
 end

+ def test_show_should_not_reveal_users_with_no_visible_activity_or_project
+ get :show, :id => 9
+ assert_response 404
+ end
+
 def test_login_should_redirect_to_back_url_param
 # request.uri is "test.host" in test environment
 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.host%2Fissues%2Fshow%2F1'
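Review bot: The new test pins only the negative case for an anonymous request (no session user is set before `get :show, :id => 9`), so the other branches of the controller guard — viewing oneself, viewing as admin, and a user with visible membership or activity — have no coverage, and a regression that made the guard fire for everyone would still pass. Add the complementary positives: set `@request.session[:user_id]` to an admin fixture user before `get :show, :id => 9` and `assert_response :success`, and one case where the target is the logged-in user. Whether fixture user 9 really has no memberships or activity depends on fixtures outside this diff, so it is an assumption of the test rather than something it sets up; a one-line comment, `# user 9 has no memberships and no activity in the fixtures`, would make that legible. The test class continues outside the hunk.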