diff --git a/src/node/handler/PadMessageHandler.js b/src/node/handler/PadMessageHandler.js
index a79d2410..ed05c0d3 100644
--- a/src/node/handler/PadMessageHandler.js
+++ b/src/node/handler/PadMessageHandler.js
@@ -1016,6 +1016,10 @@ function handleClientReady(client, message)
         // Warning: never ever send padIds.padId to the client. If the
         // client is read only you would open a security hole 1 swedish
         // mile wide...
+        // Heh, turns out we already did when we sent historicalAuthorData so
+        // if it's a readonly pad request don't send the pad IDs of the author
+        if(sessioninfos[client.id].readonly) historicalAuthorData = {};
+
         var clientVars = {
           "accountPrivs": {
               "maxRevisions": 100