Cloudinary Blog

User-Generated Content, Part 4: Security

Ensuring the Security of Assets Uploaded as User-Generated Content

Part 1 of this series highlights the basics of user-generated content (UGC) and its benefits for e-commerce. Part 2 describes how to leverage UGC images in e-commerce and efficiently upload, transform, and deliver them with Cloudinary. Part 3 focuses on videos in UGC and the many related management capabilities offered by Cloudinary.

Part 4 here suggests ways of rendering UGC media securely and free of harmful or inappropriate material, in particular by leveraging two configurations and an add-on in Cloudinary.

Site owners rightly assume that all UGC uploaded to their system originates from their users. Inevitably, however, with the ability for anyone to upload content to a site, others might want to see how much they can get away with, like large amounts of assets that overwhelm your system, files with embedded code, or, even worse, assets that contain malicious content. Regardless, you must take precautions against those misdeeds.

You can set up your system in many ways to handle your unique UGC workflow. In this case, a wise practice is to never serve on your site or app the original—that is, unprocessed—assets uploaded as UGC to avoid unknowingly delivering malicious content, which could have serious ramifications, typically leading to unwanted, adverse publicity.

What should you serve instead? A dynamic media platform like Cloudinary can help because it automatically processes all your non-original images and videos (aka transformed assets), ensuring that they are optimized and malware free. To apply this set of actions, all you have to do is simply apply any type of transformation through Cloudinary. Whether it be setting a crop mode, width, format, etc. all will lead to the processing of your asset.

Avoid serving original assets and set up more stringent security settings with Cloudinary, by doing the following:

  1. Set the asset’s type parameter to private in the upload to make the original asset private, i.e., invisible, to the public, allowing them to view the asset’s derivatives only. To view the original asset, one must have a signature-generated URL. (If you’ve already uploaded the asset, you can update it; see the related documentation for the procedure)

    Additionally, you can gain even more granular access to private asset-security measures with the following step:

  2. Enable the Strict Transformations setting to specify which derivatives (e.g., thumbnails) are viewable or allowed to be generated by anyone without the signature-generated URL.

Bear in mind it’s best to ensure security of your UGC not only for your business, but also for others. Inevitably, users might accidentally upload assets that expose private information about themselves or that include visuals of people who would balk at a public posting of their pictures. To alleviate those situations, here are some workflows to keep in mind:

  • Reject assets that are irrelevant to your e-business. For example, through automation, Cloudinary can detect if a face is present in the UGC images uploaded of people supposedly wearing the clothes that you sell, enabling you to set up the logic to automatically delete the rogue images. Such a workflow not only reduces storage cost, but also avoids collecting potentially malicious assets.

  • Pay attention to all the content that is displayed in your UGC images. For example, see if users have accidentally included private information displayed as text in the background.

    Better head off the iffy situations at the outset. Cloudinary’s OCR Text Detection and Extraction add-on scans images and detects any text there, which you can render unreadable by blurring or pixelating with a transformation setting. The images are then clean and usable. It’s always great practice to instill a sense of trust between you and your users.

  • Blur or pixelate faces in the background as well as the regions of your choice. Do be judicious and cautious about what you display; after all, many people are by no means thrilled about their photos being posted on the Internet.

In today’s digital world in which information is constantly being sought, security is more important than ever, and companies with a weak security infrastructure are vulnerable to cyber attacks. Therefore, when choosing your asset-management solution, be sure to explore in detail how it handles security. The extent of possible damage can be so devastating that it definitely pays to be aware and prepared.

Want to Learn More About UGC?

Recent Blog Posts

Our $2B Valuation

By
Blackstone Growth Invests in Cloudinary

When we started our journey in 2012, we were looking to improve our lives as developers by making it easier for us to handle the arduous tasks of handling images and videos in our code. That initial line of developer code has evolved into a full suite of media experience solutions driven by a mission that gradually revealed itself over the course of the past 10 years: help companies unleash the full potential of their media to create the most engaging visual experiences.

Read more
Direct-to-Consumer E-Commerce Requires Compelling Visual Experiences

When brands like you adopt a direct–to-consumer (DTC) e-commerce approach with no involvement of retailers or marketplaces, you gain direct and timely insight into evolving shopping behaviors. Accordingly, you can accommodate shoppers’ preferences by continually adjusting your product offering and interspersing the shopping journey with moments of excitement and intrigue. Opportunities abound for you to cultivate engaging customer relationships.

Read more
Automatically Translating Videos for an International Audience

No matter your business focus—public service, B2B integration, recruitment—multimedia, in particular video, is remarkably effective in communicating with the audience. Before, making video accessible to diverse viewers involved tasks galore, such as eliciting the service of production studios to manually dub, transcribe, and add subtitles. Those operations were costly and slow, especially for globally destined content.

Read more
Cloudinary Helps Minted Manage Its Image-Generation Pipeline at Scale

Shoppers return time and again to Minted’s global online community of independent artists and designers because they know they can count on unique, statement-making products of the highest quality there. Concurrently, the visual imagery on Minted.com must do justice to the designs into which the creators have poured their hearts and souls. For Minted’s VP of Engineering David Lien, “Because we are a premium brand, we need to ensure that every single one of our product images matches the selected configuration exactly. For example, if you pick an 18x24 art print on blue canvas, we will show that exact combination on the hero images in the PDF.”

Read more
Highlights on ImageCon 2021 and a Preview of ImageCon 2022

New year, same trend! Visual media will continue to play a monumental role in driving online conversions. To keep up with visual-experience trends and best practices, Cloudinary holds an annual conference called ImageCon, a one-of-a-kind event that helps attendees create the most engaging visual experiences possible.

Read more