diff --git a/packages/accounts/accounts_client.js b/packages/accounts/accounts_client.js
index d5381eba2a..4e07b08e69 100644
--- a/packages/accounts/accounts_client.js
+++ b/packages/accounts/accounts_client.js
@@ -33,5 +33,4 @@
     });
   };
 
-  Meteor.subscribe("currentUser");
 })();
diff --git a/packages/accounts/accounts_common.js b/packages/accounts/accounts_common.js
index 297949567b..1093d2eee1 100644
--- a/packages/accounts/accounts_common.js
+++ b/packages/accounts/accounts_common.js
@@ -1,11 +1,18 @@
-Meteor.users = new Meteor.Collection("users");
-
 if (!Meteor.accounts) {
   Meteor.accounts = {};
 }
 
+// internal login tokens collection. Never published.
 Meteor.accounts._loginTokens = new Meteor.Collection(
   "accounts._loginTokens",
   null /*manager*/,
   null /*driver*/,
   true /*preventAutopublish*/);
+
+// Users table. Don't use the normal autopublish, since we want to hide
+// some fields. Code to autopublish this is in accounts_server.js.
+Meteor.users = new Meteor.Collection(
+  "users",
+  null /*manager*/,
+  null /*driver*/,
+  true /*preventAutopublish*/);
diff --git a/packages/accounts/accounts_server.js b/packages/accounts/accounts_server.js
index 9da172d680..89df66dbea 100644
--- a/packages/accounts/accounts_server.js
+++ b/packages/accounts/accounts_server.js
@@ -110,15 +110,26 @@
     }
   });
 
-  // Publish a few attributes on the current user object
-  Meteor.publish("currentUser", function() {
+
+  // Always publish the current user's record to the client.
+  Meteor.publish(null, function() {
     if (this.userId())
       return Meteor.users.find({_id: this.userId()},
                                {fields: {services: 0, private: 0}});
     else
       return null;
+  }, {is_auto: true});
+
+  // If autopublish is on, also publish everyone else's user record.
+  Meteor.default_server.onAutopublish(function () {
+    var handler = function () {
+      return Meteor.users.find(
+        {}, {fields: {services: 0, private: 0, emails: 0}});
+    };
+    Meteor.default_server.publish(null, handler, {is_auto: true});
   });
 
+
   // Try all of the registered login handlers until one of them doesn't
   // return `undefined`, meaning it handled this call to `login`. Return
   // that return value.