diff --git a/src/api/endpoints/aggregation/users/followers.js b/src/api/endpoints/aggregation/users/followers.js
index f49c2a2fcd..85cfe95dad 100644
--- a/src/api/endpoints/aggregation/users/followers.js
+++ b/src/api/endpoints/aggregation/users/followers.js
@@ -25,6 +25,10 @@ module.exports = (params) =>
 // Lookup user
 const user = await User.findOne({
 _id: new mongo.ObjectID(userId)
+ }, {
+ fields: {
+ _id: true
+ }
 });

 if (user === null) {
diff --git a/src/api/endpoints/aggregation/users/following.js b/src/api/endpoints/aggregation/users/following.js
index 785e5a15c3..9647639fbb 100644
--- a/src/api/endpoints/aggregation/users/following.js
+++ b/src/api/endpoints/aggregation/users/following.js
@@ -25,6 +25,10 @@ module.exports = (params) =>
 // Lookup user
 const user = await User.findOne({
 _id: new mongo.ObjectID(userId)
+ }, {
+ fields: {
+ _id: true
+ }
 });

 if (user === null) {
diff --git a/src/api/endpoints/aggregation/users/like.js b/src/api/endpoints/aggregation/users/like.js
index f5344f6ba3..c138c62464 100644
--- a/src/api/endpoints/aggregation/users/like.js
+++ b/src/api/endpoints/aggregation/users/like.js
@@ -25,6 +25,10 @@ module.exports = (params) =>
 // Lookup user
 const user = await User.findOne({
 _id: new mongo.ObjectID(userId)
+ }, {
+ fields: {
+ _id: true
+ }
 });

 if (user === null) {
diff --git a/src/api/endpoints/aggregation/users/post.js b/src/api/endpoints/aggregation/users/post.js
index f968ff4158..3d1ea7d190 100644
--- a/src/api/endpoints/aggregation/users/post.js
+++ b/src/api/endpoints/aggregation/users/post.js
@@ -25,6 +25,10 @@ module.exports = (params) =>
 // Lookup user
 const user = await User.findOne({
 _id: new mongo.ObjectID(userId)
+ }, {
+ fields: {
+ _id: true
+ }
 });

 if (user === null) {
diff --git a/src/api/endpoints/following/create.js b/src/api/endpoints/following/create.js
index 4a796b11a4..9810318be4 100644
--- a/src/api/endpoints/following/create.js
+++ b/src/api/endpoints/following/create.js
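Review bot: In aggregation/users/followers.js the `_id: true` projection leaves `user` holding nothing but `_id`, and nothing in the hunk records that. The same applies to aggregation/users/following.js, like.js and post.js, to users/followers.js, following.js and posts.js, and to messaging/messages.js and messaging/messages/create.js, where `recipient` is overwritten with the projected document. Each handler continues outside its hunk, so I cannot confirm that no later line reads another property; any such read would now yield `undefined` without raising an error. I would change the `// Lookup user` comment to `// Existence check only: the projection returns just _id`, and check the rest of each handler for reads other than `user._id` / `recipient._id`.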
@@ -41,6 +41,11 @@ module.exports = (params, user) =>
 // Get followee
 const followee = await User.findOne({
 _id: new mongo.ObjectID(userId)
+ }, {
+ fields: {
+ data: false,
+ profile: false
+ }
 });

 if (followee === null) {
diff --git a/src/api/endpoints/following/delete.js b/src/api/endpoints/following/delete.js
index 2da20dea38..dced635911 100644
--- a/src/api/endpoints/following/delete.js
+++ b/src/api/endpoints/following/delete.js
@@ -40,6 +40,11 @@ module.exports = (params, user) =>
 // Get followee
 const followee = await User.findOne({
 _id: new mongo.ObjectID(userId)
+ }, {
+ fields: {
+ data: false,
+ profile: false
+ }
 });

 if (followee === null) {
diff --git a/src/api/endpoints/messaging/messages.js b/src/api/endpoints/messaging/messages.js
index 2d589faa1c..674b250567 100644
--- a/src/api/endpoints/messaging/messages.js
+++ b/src/api/endpoints/messaging/messages.js
@@ -25,6 +25,10 @@ module.exports = (params, user) =>
 if (recipient !== undefined && recipient !== null) {
 recipient = await User.findOne({
 _id: new mongo.ObjectID(recipient)
+ }, {
+ fields: {
+ _id: true
+ }
 });

 if (recipient === null) {
diff --git a/src/api/endpoints/messaging/messages/create.js b/src/api/endpoints/messaging/messages/create.js
index 62ead6a64c..498883057b 100644
--- a/src/api/endpoints/messaging/messages/create.js
+++ b/src/api/endpoints/messaging/messages/create.js
@@ -33,6 +33,10 @@ module.exports = (params, user) =>
 if (recipient !== undefined && recipient !== null) {
 recipient = await User.findOne({
 _id: new mongo.ObjectID(recipient)
+ }, {
+ fields: {
+ _id: true
+ }
 });

 if (recipient === null) {
diff --git a/src/api/endpoints/users/followers.js b/src/api/endpoints/users/followers.js
index fdb33b5328..5e11613c52 100644
--- a/src/api/endpoints/users/followers.js
+++ b/src/api/endpoints/users/followers.js
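Review bot: In following/create.js the projection `data: false, profile: false` is an exclusion list, so every other field on the user document, including any stored credential or token fields, is still loaded into `followee`; following/delete.js and private/signin.ts use the same form. Fields added to the document later will also be fetched by default. If the rest of each handler (outside the hunk) reads a known set of properties, an inclusion list naming them would be tighter; in signin that list would have to include whatever the submitted password is compared against. Failing that, a comment above `fields` such as `// Exclusion list: everything except data/profile is still returned` would make the choice explicit.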
@@ -47,6 +47,10 @@ module.exports = (params, me) =>
 // Lookup user
 const user = await User.findOne({
 _id: new mongo.ObjectID(userId)
+ }, {
+ fields: {
+ _id: true
+ }
 });

 if (user === null) {
diff --git a/src/api/endpoints/users/following.js b/src/api/endpoints/users/following.js
index 7849456e62..7b81cc4f3b 100644
--- a/src/api/endpoints/users/following.js
+++ b/src/api/endpoints/users/following.js
@@ -47,6 +47,10 @@ module.exports = (params, me) =>
 // Lookup user
 const user = await User.findOne({
 _id: new mongo.ObjectID(userId)
+ }, {
+ fields: {
+ _id: true
+ }
 });

 if (user === null) {
diff --git a/src/api/endpoints/users/posts.js b/src/api/endpoints/users/posts.js
index 6a612dc8df..140c188390 100644
--- a/src/api/endpoints/users/posts.js
+++ b/src/api/endpoints/users/posts.js
@@ -67,10 +67,16 @@ module.exports = (params, me) =>
 return rej('cannot set since_id and max_id');
 }

+ const q = userId != null
+ ? { _id: new mongo.ObjectID(userId) }
+ : { username_lower: username.toLowerCase() } ;
+
 // Lookup user
- const user = userId !== null
- ? await User.findOne({ _id: new mongo.ObjectID(userId) })
- : await User.findOne({ username_lower: username.toLowerCase() });
+ const user = await User.findOne(q, {
+ fields: {
+ _id: true
+ }
+ });

 if (user === null) {
 return rej('user not found');
diff --git a/src/api/endpoints/users/show.js b/src/api/endpoints/users/show.js
index 43d6e700a5..bc7e3a9d5b 100644
--- a/src/api/endpoints/users/show.js
+++ b/src/api/endpoints/users/show.js
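Review bot: In users/posts.js the new `q` expression calls `username.toLowerCase()` whenever `userId` is null or undefined, and the switch from `!== null` to `!= null` extends that path to an omitted `user_id`; users/show.js adds the same lines. Whether an earlier guard guarantees that `username` is a string in that case is outside the hunk; if none does, this throws a TypeError instead of returning the handler's own rejection. A guard before `q`, for example `if (userId == null && typeof username !== 'string') return rej('user_id or username is required');` (message text is only a suggestion), would keep the failure explicit. The ` ;` with a space before the semicolon on the last line of the ternary is also worth tidying.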
@@ -38,10 +38,16 @@ module.exports = (params, me) =>
 return rej('incorrect user_id');
 }

+ const q = userId != null
+ ? { _id: new mongo.ObjectID(userId) }
+ : { username_lower: username.toLowerCase() } ;
+
 // Lookup user
- const user = userId !== null
- ? await User.findOne({ _id: new mongo.ObjectID(userId) })
- : await User.findOne({ username_lower: username.toLowerCase() });
+ const user = await User.findOne(q, {
+ fields: {
+ data: false
+ }
+ });

 if (user === null) {
 return rej('user not found');
diff --git a/src/api/private/signin.ts b/src/api/private/signin.ts
index 5af44ce940..14dd1c7058 100644
--- a/src/api/private/signin.ts
+++ b/src/api/private/signin.ts
@@ -15,6 +15,11 @@ export default async (req: express.Request, res: express.Response) => {
 // Fetch user
 const user = await User.findOne({
 username_lower: username.toLowerCase()
+ }, {
+ fields: {
+ data: false,
+ profile: false
+ }
 });

 if (user === null) {
diff --git a/src/api/serializers/user.ts b/src/api/serializers/user.ts
index 945c01d258..8bab540a5c 100644
--- a/src/api/serializers/user.ts
+++ b/src/api/serializers/user.ts
@@ -34,15 +34,22 @@ export default (

 let _user: any;

+ const fields = opts.detail ? {
+ data: false
+ } : {
+ data: false,
+ profile: false
+ };
+
 // Populate the user if 'user' is ID
 if (mongo.ObjectID.prototype.isPrototypeOf(user)) {
 _user = await User.findOne({
 _id: user
- });
+ }, { fields });
 } else if (typeof user === 'string') {
 _user = await User.findOne({
 _id: new mongo.ObjectID(user)
- });
+ }, { fields });
 } else {
 _user = deepcopy(user);
 }
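Review bot: In serializers/user.ts the new `fields` projection is applied only on the two `User.findOne` branches; the final `else` branch still does `_user = deepcopy(user)`, so a caller that passes a full user object gives the serializer `data` (and `profile` when `opts.detail` is false) that the ID paths no longer load. The function continues past the hunk, so later code may already strip these, but as written the two input forms can yield different shapes, and the serializer is the last step before the document reaches a client. I would mirror the projection in that branch with `delete _user.data; if (!opts.detail) delete _user.profile;` directly after the `deepcopy` call. Because `fields` is an exclusion list, it is also worth confirming that the part of the function outside the hunk removes every other non-public field.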