Which sounds, like they are meant to be public? If the user has already been identified, public info can’t be expected to be secret anymore.