Good solution, except that if anybody checks what "who" actually does, it's revealed that it's an alias and then if anybody just used
and started 'who' from that directory, for example with (I'm not sure at all it's in /bin/, not on Linux atm)
the output would be again the default one (with ip addresses).
A slightly more complex option would be to wrap the actual 'who' into a script so that regular users could not start 'who', but could start the script that started 'who -q' - the original 'who' would of course be moved to another place, and this script put into it's place, so people would run the script by typing 'who' and not the actual 'who'. Shortly: script in place of real 'who', that runs 'who -q' from someplace else - with users forbidden to use the original executable from where ever it is.