diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index a9617541fa..d8693ee9df 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -548,6 +548,8 @@ unfollow = Unfollow
 heatmap.loading = Loading Heatmap…
 user_bio = Biography
 disabled_public_activity = This user has disabled the public visibility of the activity.
+email_visibility.limited = Your email address is visible to all authenticated users
+email_visibility.private = Your email address is only visible to you and administrators
 
 form.name_reserved = The username '%s' is reserved.
 form.name_pattern_not_allowed = The pattern '%s' is not allowed in a username.
@@ -661,7 +663,7 @@ add_email_success = The new email address has been added.
 email_preference_set_success = Email preference has been set successfully.
 add_openid_success = The new OpenID address has been added.
 keep_email_private = Hide Email Address
-keep_email_private_popup = Your email address will be hidden from other users.
+keep_email_private_popup = Your email address will only be visible to you and the administrators
 openid_desc = OpenID lets you delegate authentication to an external provider.
 
 manage_ssh_keys = Manage SSH Keys
@@ -842,9 +844,9 @@ email_notifications.andyourown = And Your Own Notifications
 
 visibility = User visibility
 visibility.public = Public
-visibility.public_tooltip = Visible to all users
+visibility.public_tooltip = Visible to everyone
 visibility.limited = Limited
-visibility.limited_tooltip = Visible to logged in users only
+visibility.limited_tooltip = Visible to authenticated users only
 visibility.private = Private
 visibility.private_tooltip = Visible only to organization members
 
@@ -2421,7 +2423,7 @@ settings.permission = Permissions
 settings.repoadminchangeteam = Repository admin can add and remove access for teams
 settings.visibility = Visibility
 settings.visibility.public = Public
-settings.visibility.limited = Limited (Visible to logged in users only)
+settings.visibility.limited = Limited (Visible to authenticated users only)
 settings.visibility.limited_shortname = Limited
 settings.visibility.private = Private (Visible only to organization members)
 settings.visibility.private_shortname = Private
diff --git a/templates/user/profile.tmpl b/templates/user/profile.tmpl
index d4a0f4a3ac..e0e05575fa 100644
--- a/templates/user/profile.tmpl
+++ b/templates/user/profile.tmpl
@@ -30,11 +30,29 @@
 							{{if .Owner.Location}}
 								<li>{{svg "octicon-location"}} {{.Owner.Location}}</li>
 							{{end}}
-							{{if .ShowUserEmail}}
+							{{if (eq .SignedUserName .Owner.Name)}}
 								<li>
 									{{svg "octicon-mail"}}
 									<a href="mailto:{{.Owner.Email}}" rel="nofollow">{{.Owner.Email}}</a>
+									<a href="{{AppSubUrl}}/user/settings#keep-email-private">
+										{{if .ShowUserEmail}}
+											<i class="ui right" data-tooltip-content="{{.locale.Tr "user.email_visibility.limited"}}">
+												{{svg "octicon-unlock"}}
+											</i>
+										{{else}}
+											<i class="ui right" data-tooltip-content="{{.locale.Tr "user.email_visibility.private"}}">
+												{{svg "octicon-lock"}}
+											</i>
+										{{end}}
+									</a>
 								</li>
+							{{else}}
+								{{if .ShowUserEmail}}
+									<li>
+										{{svg "octicon-mail"}}
+										<a href="mailto:{{.Owner.Email}}" rel="nofollow">{{.Owner.Email}}</a>
+									</li>
+								{{end}}
 							{{end}}
 							{{if .Owner.Website}}
 								<li>
diff --git a/tests/integration/setting_test.go b/tests/integration/setting_test.go
index 777faf8cc0..cb8248e6e2 100644
--- a/tests/integration/setting_test.go
+++ b/tests/integration/setting_test.go
@@ -50,42 +50,42 @@ func TestSettingShowUserEmailProfile(t *testing.T) {
 
 	setting.UI.ShowUserEmail = true
 
-	// user1 can see self
+	// user1 can see own visible email
 	session := loginUser(t, "user1")
 	req := NewRequest(t, "GET", "/user1")
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc := NewHTMLParser(t, resp.Body)
 	assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
 
-	// user1 can not see user2
+	// user1 can not see user2's hidden email
 	req = NewRequest(t, "GET", "/user2")
 	resp = session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc = NewHTMLParser(t, resp.Body)
-	// Should not contain even if the user visits their own profile page
+	// Should only contain if the user visits their own profile page
 	assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user2@example.com")
 
-	// user2 can see user1
+	// user2 can see user1's visible email
 	session = loginUser(t, "user2")
 	req = NewRequest(t, "GET", "/user1")
 	resp = session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc = NewHTMLParser(t, resp.Body)
 	assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
 
-	// user2 can not see self
+	// user2 can see own hidden email
 	session = loginUser(t, "user2")
 	req = NewRequest(t, "GET", "/user2")
 	resp = session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc = NewHTMLParser(t, resp.Body)
-	assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user2@example.com")
+	assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user2@example.com")
 
 	setting.UI.ShowUserEmail = false
 
-	// user1 can not see self
+	// user1 can see own (now hidden) email
 	session = loginUser(t, "user1")
 	req = NewRequest(t, "GET", "/user1")
 	resp = session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc = NewHTMLParser(t, resp.Body)
-	assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
+	assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
 
 	setting.UI.ShowUserEmail = showUserEmail
 }