diff --git a/src/keymanagement.c b/src/keymanagement.c
index 7e4f60f5..fea6269b 100644
--- a/src/keymanagement.c
+++ b/src/keymanagement.c
@@ -1028,9 +1028,10 @@ PEP_STATUS _myself(PEP_SESSION session,
 return PEP_OUT_OF_MEMORY;
 }
- // Cache the input username, if there is one and it's not read_only
+ // Cache the input username, if there is one and it's not read_only; NULL
+ // otherwise. cached_input_username is never a pointer to an empty string.
 char* cached_input_username = NULL;
- if (!read_only && identity->username) {
+ if (!read_only && ! EMPTYSTR(identity->username)) {
 cached_input_username = strdup(identity->username);
 if (!cached_input_username)
 return PEP_OUT_OF_MEMORY;
diff --git a/src/keymanagement.h b/src/keymanagement.h
index ce097fc1..9b6d50ed 100644
--- a/src/keymanagement.h
+++ b/src/keymanagement.h
@@ -118,6 +118,13 @@ DYNAMIC_API PEP_STATUS update_identity(
 * if you need to do this asynchronous, you need to return an identity
 * with retrieve_next_identity() where pEp_identity.me is true
 *
+ * @warning If the identity has no .username but the person with the same
+ * address has one, copy it into the identity's .username.
+ * Applications should in general *not* rely on this feature, which
+ * can break privacy by revealing a username to a third party. It is
+ * provided for compatibility in the case of email, where a header
+ * such as "From: johndoe@example.com" is accepted even if no longer
+ * technically standard.
 */
 DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity);
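Review bot: With `! EMPTYSTR(identity->username)` an input username of `""` now leaves `cached_input_username` NULL, the same as a missing one, so whatever `_myself` later does for the no-username case will also apply to callers that passed an empty string on purpose. The rest of `_myself` lies outside the hunk, so this is inferred, but the `@warning` added to keymanagement.h in this commit says that case fills in the stored person's username, which can disclose it to a third party. If that is the path taken, the comment here should state it, for example `// An empty username is treated as absent, so the stored username may be filled in later.`, and it is worth checking that no caller relies on `""` to keep the name out of the identity.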
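Review bot: The new `@warning` in keymanagement.h is phrased as an instruction ("copy it into the identity's .username") although it describes what `myself()` itself does, and it does not say that an empty string counts as "no .username", which the keymanagement.c hunk in this commit appears to make true. I would reword the first sentence to `@warning If identity->username is NULL or empty and the stored person with the same address has a username, myself() copies it into identity->username.` The warning also tells applications not to rely on the behaviour without saying how to avoid the disclosure; presumably setting a non-empty `.username` before the call does so, which should be confirmed against the implementation and then documented. The doc comment begins before the hunk.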