diff --git a/app/models/person.rb b/app/models/person.rb
index a242af670e3b49941a897cc51792f449ff44b5fe..f338daf3ba22e76f3a5f05fd134df545634e8ab8 100644
--- a/app/models/person.rb
+++ b/app/models/person.rb
@@ -299,11 +299,6 @@ class Person < ActiveRecord::Base
     end
   end
 
-  #gross method pulled out from controller, not exactly sure how it should be used.
-  def shares_with(user)
-    user.contacts.receiving.where(:person_id => self.id).first if user
-  end
-
   # @param person [Person]
   # @param url [String]
   def update_url(url)
diff --git a/app/presenters/person_presenter.rb b/app/presenters/person_presenter.rb
index f53087eee0d87c1f7df4ff76bd2b69497314ab0c..6ca7351ee6cd5bde81a5f2e40a0932d7b9cb44b4 100644
--- a/app/presenters/person_presenter.rb
+++ b/app/presenters/person_presenter.rb
@@ -66,7 +66,9 @@ class PersonPresenter < BasePresenter
   end
 
   def person_is_following_current_user
-    @presentable.shares_with(current_user)
+    return false unless current_user
+    contact = current_user_person_contact
+    contact && contact.sharing?
   end
 
   private
diff --git a/spec/controllers/people_controller_spec.rb b/spec/controllers/people_controller_spec.rb
index 841e3d61663c093bfc8b2e9ba4a8da3a3ceda136..3c926d48c99121641b7a228624e486878acaa0a1 100644
--- a/spec/controllers/people_controller_spec.rb
+++ b/spec/controllers/people_controller_spec.rb
@@ -270,6 +270,11 @@ describe PeopleController, :type => :controller do
         expect(response).to be_redirect
         expect(response).to redirect_to new_user_session_path
       end
+
+      it "leaks no private profile info" do
+        get :show, id: @person.to_param
+        expect(response.body).not_to include(@person.profile.bio)
+      end
     end
 
     context "when the person is a contact of the current user" do
@@ -295,6 +300,11 @@ describe PeopleController, :type => :controller do
           note.reload
         }.to change(Notification.where(:unread => true), :count).by(-1)
       end
+
+      it "includes private profile info" do
+        get :show, id: @person.to_param
+        expect(response.body).to include(@person.profile.bio)
+      end
     end
 
     context "when the person is not a contact of the current user" do
@@ -311,6 +321,24 @@ describe PeopleController, :type => :controller do
         get :show, :id => @person.to_param, :format => :mobile
         expect(response).to be_success
       end
+
+      it "leaks no private profile info" do
+        get :show, id: @person.to_param
+        expect(response.body).not_to include(@person.profile.bio)
+      end
+    end
+
+    context "when the user is following the person" do
+      before do
+        sign_out :user
+        sign_in :user, peter
+        @person = alice.person
+      end
+
+      it "leaks no private profile info" do
+        get :show, id: @person.to_param
+        expect(response.body).not_to include(@person.profile.bio)
+      end
     end
   end
 
diff --git a/spec/presenters/person_presenter_spec.rb b/spec/presenters/person_presenter_spec.rb
index 54424e2ee6533ce1e400e9568c83e33c62dddf58..110f1955c6250e5a468fea99fad83d362844d39a 100644
--- a/spec/presenters/person_presenter_spec.rb
+++ b/spec/presenters/person_presenter_spec.rb
@@ -4,6 +4,11 @@ describe PersonPresenter do
   let(:profile_user) { FactoryGirl.create(:user_with_aspect) }
   let(:person) { profile_user.person }
 
+  let(:mutual_contact) { double(id: 1, mutual?: true,  sharing?: true,  receiving?: true) }
+  let(:receiving_contact) { double(id: 1, mutual?: false, sharing?: false, receiving?: true)  }
+  let(:sharing_contact) { double(id: 1, mutual?: false, sharing?: true,  receiving?: false) }
+  let(:non_contact) { double(id: 1, mutual?: false, sharing?: false, receiving?: false) }
+
   describe "#as_json" do
     context "with no current_user" do
       it "returns the user's public information if a user is not logged in" do
@@ -16,11 +21,22 @@ describe PersonPresenter do
       let(:presenter){ PersonPresenter.new(person, current_user) }
 
       it "doesn't share private information when the users aren't connected" do
+        allow(current_user).to receive(:contact_for) { non_contact }
+        expect(presenter.full_hash_with_profile[:profile]).not_to have_key(:location)
+      end
+
+      it "doesn't share private information when the current user is sharing with the person" do
+        allow(current_user).to receive(:contact_for) { receiving_contact }
         expect(presenter.full_hash_with_profile[:profile]).not_to have_key(:location)
       end
 
       it "has private information when the person is sharing with the current user" do
-        expect(person).to receive(:shares_with).with(current_user).and_return(true)
+        allow(current_user).to receive(:contact_for) { sharing_contact }
+        expect(presenter.full_hash_with_profile[:profile]).to have_key(:location)
+      end
+
+      it "has private information when the relationship is mutual" do
+        allow(current_user).to receive(:contact_for) { mutual_contact }
         expect(presenter.full_hash_with_profile[:profile]).to have_key(:location)
       end
 
@@ -32,10 +48,6 @@ describe PersonPresenter do
 
   describe "#full_hash" do
     let(:current_user) { FactoryGirl.create(:user) }
-    let(:mutual_contact) { double(:id => 1, :mutual? => true,  :sharing? => true,  :receiving? => true ) }
-    let(:receiving_contact) { double(:id => 1, :mutual? => false, :sharing? => false, :receiving? => true)  }
-    let(:sharing_contact) { double(:id => 1, :mutual? => false, :sharing? => true,  :receiving? => false) }
-    let(:non_contact) { double(:id => 1, :mutual? => false, :sharing? => false, :receiving? => false) }
 
     before do
       @p = PersonPresenter.new(person, current_user)