diff --git a/routers/web/webfinger.go b/routers/web/webfinger.go
index 22008765fa..c6f915a6e4 100644
--- a/routers/web/webfinger.go
+++ b/routers/web/webfinger.go
@@ -85,7 +85,10 @@ func WebfingerQuery(ctx *context.Context) {
 		return
 	}
 
-	// Should we check IsUserVisibleToViewer here?
+	if !user_model.IsUserVisibleToViewer(u, ctx.Doer) {
+		ctx.Error(http.StatusNotFound)
+		return
+	}
 
 	aliases := make([]string, 0, 1)
 	if !u.KeepEmailPrivate {