Cloudinary Blog

User-Generated Content, Part 4: Security

Ensuring the Security of Assets Uploaded as User-Generated Content

Part 1 of this series highlights the basics of user-generated content (UGC) and its benefits for e-commerce. Part 2 describes how to leverage UGC images in e-commerce and efficiently upload, transform, and deliver them with Cloudinary. Part 3 focuses on videos in UGC and the many related management capabilities offered by Cloudinary.

Part 4 here suggests ways of rendering UGC media securely and free of harmful or inappropriate material, in particular by leveraging two configurations and an add-on in Cloudinary.

Site owners rightly assume that all UGC uploaded to their system originates from their users. Inevitably, however, with the ability for anyone to upload content to a site, others might want to see how much they can get away with, like large amounts of assets that overwhelm your system, files with embedded code, or, even worse, assets that contain malicious content. Regardless, you must take precautions against those misdeeds.

You can set up your system in many ways to handle your unique UGC workflow. In this case, a wise practice is to never serve on your site or app the original—that is, unprocessed—assets uploaded as UGC to avoid unknowingly delivering malicious content, which could have serious ramifications, typically leading to unwanted, adverse publicity.

What should you serve instead? A dynamic media platform like Cloudinary can help because it automatically processes all your non-original images and videos (aka transformed assets), ensuring that they are optimized and malware free. To apply this set of actions, all you have to do is simply apply any type of transformation through Cloudinary. Whether it be setting a crop mode, width, format, etc. all will lead to the processing of your asset.

Avoid serving original assets and set up more stringent security settings with Cloudinary, by doing the following:

  1. Set the asset’s type parameter to private in the upload to make the original asset private, i.e., invisible, to the public, allowing them to view the asset’s derivatives only. To view the original asset, one must have a signature-generated URL. (If you’ve already uploaded the asset, you can update it; see the related documentation for the procedure)

    Additionally, you can gain even more granular access to private asset-security measures with the following step:

  2. Enable the Strict Transformations setting to specify which derivatives (e.g., thumbnails) are viewable or allowed to be generated by anyone without the signature-generated URL.

Bear in mind it’s best to ensure security of your UGC not only for your business, but also for others. Inevitably, users might accidentally upload assets that expose private information about themselves or that include visuals of people who would balk at a public posting of their pictures. To alleviate those situations, here are some workflows to keep in mind:

  • Reject assets that are irrelevant to your e-business. For example, through automation, Cloudinary can detect if a face is present in the UGC images uploaded of people supposedly wearing the clothes that you sell, enabling you to set up the logic to automatically delete the rogue images. Such a workflow not only reduces storage cost, but also avoids collecting potentially malicious assets.

  • Pay attention to all the content that is displayed in your UGC images. For example, see if users have accidentally included private information displayed as text in the background.

    Better head off the iffy situations at the outset. Cloudinary’s OCR Text Detection and Extraction add-on scans images and detects any text there, which you can render unreadable by blurring or pixelating with a transformation setting. The images are then clean and usable. It’s always great practice to instill a sense of trust between you and your users.

  • Blur or pixelate faces in the background as well as the regions of your choice. Do be judicious and cautious about what you display; after all, many people are by no means thrilled about their photos being posted on the Internet.

In today’s digital world in which information is constantly being sought, security is more important than ever, and companies with a weak security infrastructure are vulnerable to cyber attacks. Therefore, when choosing your asset-management solution, be sure to explore in detail how it handles security. The extent of possible damage can be so devastating that it definitely pays to be aware and prepared.

Want to Learn More About UGC?

Recent Blog Posts

How to Use the Cloudinary Media Editor Widget

At Cloudinary, we manage the entire pipeline of media assets for thousands of customers of varying sizes from numerous verticals.

As part of our commitment to support the entire flow of media assets, we are now introducing an intuitive media editing widget: an out­-of­-the-­box, interactive UI providing your users with a set of common image editing actions for immediate use on your website or web app. The widget is interactive and simple, built on Cloudinary's transformation capabilities, and requiring only a few lines of code to integrate. Afterwards, you can seamlessly and effortlessly add content to your site or app with no need for in-house image editing capabilities.

Read more
Shoppable Video Is Becoming Popular in E-Commerce

As pandemic restrictions necessitated, many shopping trips in 2020 took place outside the traditional brick-and-mortar store, or at least void of the physical aisle-browsing experience. Same-day curbside pickup became a safe and convenient alternative, and e-commerce transactions skyrocketed as consumers shopped online. In fact, Digital Commerce 360 estimates that, compared to 2019, e-commerce transactions grew by more than 40% last year.

Read more
Enhance Your Travel Site With Cloudinary in Anticipation of a Return to New Normal

Read more
The Benefits of Headless DAMs

Headless is not a buzzword anymore. In fact, the concept of headless architecture is gaining momentum due to the flexibility it offers for composing new experiences and for tackling the undue complexity of an ever-evolving technology stack. That’s because while the evolution of the martech landscape has enabled disruptive, digital innovations, the approach of buying point solutions for solving specific challenges can expose companies to the complicated nature of new technologies, systems, and platforms.

Read more

Building Display Ads With Transparent Video

By Afzaal Ahmad Zeeshan
Build Web Ads With Transparent Video to Attract User Engagement

Billions of views on the Internet every day drive one of the biggest industries on the planet: advertising. The sheer size of that market and the competitive nature of vying for consumer attention results in a constant need for innovation. Readers are jaded, and display ads are blind spots.

Read more