Nextcloud 23 adds public user profiles and turns them on by default. This means, that any user now shares their contact information with the whole world via /u/$username (e.g. https://my.cloud/u/phoenix). See the Changelog of Nextcloud 23 where you find it as:
User profiles are a cool idea, but not publicly and under NO circumstances public by default!! This will cost NextCloud some trust, because this is just a very bad decision.
At least a new profile.enabled setting has been introduced to disable profiles globally (#29372). This will be however only available in the next stable release. In the meantime there is a nice workaround available, if you feel confident enough to fiddle in the MySQL database:
update oc_accounts set data = JSON_SET(data, '$.profile_enabled', JSON_QUERY('{"value": "0", "scope": "v2-local", "verified": "0"}', '$'));
To apply this workaround, you need to connect to your MySQL database and then select the NextCloud database (e.g. USE nextcloud) before running it.
sigh