Hackernoon logoHow to Securely Manage User-Generated Content by@ranrubinstein

How to Securely Manage User-Generated Content

Ran Rubinstein Hacker Noon profile picture

@ranrubinsteinRan Rubinstein

Startup exec with over 20 years of experience in an array of environments, developing and deploying software at scale.

In its 2020 UGC study, Cloudinary found that 58% of respondents were generating more content, including video and written reviews, compared to the previous year. This finding highlights the enormous growing influence that peer referrals and recommendations have on customers’ purchase decisions, resulting in the growth of user-generated content (UGC). 

UGC is any form of content that’s created and posted by online audiences at will. This can include anything from setting a profile image to posting a product review with contributed images and videos, on social media or on the brand's site or app.

Because this type of content is usually authentically made by users of the brand and not the brand itself, consumers are far more likely to trust and actively engage with UGC posts than paid media and advertisements that typically include professionally-created images and videos.

With the growing importance of UGC, there are key security challenges that must be considered when managing and publishing such content at scale.

When opening your site or app to display media contributed by users, special care should be taken to avoid several pitfalls -- otherwise, the reputation of the company is at stake, along with legal issues and a decline in customer loyalty and the bottom line.

Here are three common challenges and considerations when it comes to ingesting and moderating such content, and what brands and developers can do to avoid these issues and deliver UGC as seamlessly as possible.

Dealing with malicious user-generated content

Unfortunately, in the virtual world, there are people who may upload malicious content that could have serious ramifications for your business, typically leading to unwanted, adverse publicity, and direct losses such as ransomware attacks.

This includes content abuse, when scammers enter the site to defraud the business, phishing users, creating fake reviews or posting toxic content that’s ill-intentioned, and malware injection, where uploaded media can contain malicious code that tries to exploit the site's servers or visitor's clients.

To avoid content abuse, content moderation is necessary. Teams can save time moderating thousands of submitted user-generated content by using AI to efficiently tag, optimize and deliver rich media, uploading the approved UGC to the appropriate places on the site.

With this automation, malicious content can be quickly and efficiently flagged and deleted before it’s even published. Naturally, this system is not 100% foolproof, so mechanisms to report bad content should be part of your user-generated content presentation. 

To avoid malware injection, developers should always post a brand-managed copy of the uploaded files instead of the originals. This means processing all non-original transformed assets and ensuring that the pixels uploaded are displayed, but not the original files.

While performing this copy, developers need to make sure the pixels are optimized and malware-free, and that they maintain the original quality rather than suffering from generation loss, also known as the "photocopier effect". 

Keeping user information private

Developers must bear in mind that it’s best to ensure security of UGC not only for their brand, but also for others. Inevitably, users might accidentally upload assets that expose private information about themselves or that include visuals of people who would balk at a public posting of their pictures.

To alleviate these situations, developers should implement a workflow that removes any metadata from the uploaded assets, such as location, camera type, and other data that is typically included in media files (this data is usually stored in a part of the file called "exif data"). 

Brands should also pay attention to all content that is displayed in the UGC images. If users accidentally include private information as text in the background of an image, such as a car driver's license, or any personal information it’s important to blur or pixelate that info.

AI can automatically detect these problems by ensuring that each image uploaded shows the product in review, deleting rogue images before they’re published. They can also scan images for any text to blur, instilling a sense of trust between a brand and its users.

In the spirit of the new privacy regulations worldwide, such as GDPR and CCPA, brands that ingest user content should also be aware that a customer has rights around their data, and make the terms governing the use of such data clear and agreed-upon by the users that contribute content.

In addition, website and app operators should provide for customers a way to quickly and securely request deletion of their contributed content, if they wish to; also known as "the right to be forgotten".

Managing asset volume and overload

While most users are simply uploading images they’ve taken to a site, there are others who will push the limit by uploading large amounts of assets that overwhelm the company’s website or creating files with embedded code. Malicious parties can also attempt to perform Denial of Service or frustration attacks, driving up costs for sake of vandalism or extortion. 

To ensure this doesn’t happen, brands and developers must confirm that all assets, including UGC, are optimized as much as possible, and set strict limits on uploaded file size parameters.

With the right optimization tools, businesses can discard wasteful content, and confidently deliver images and videos in the format, dimensions, resolution, and quality that will yield the most optimized file size while ensuring that the resulting asset is appropriate for the specific content and device.

While it’s impossible to plan for any scale, using a cloud provider that's built for scale, ensures that any spike in usage can be absorbed by the service or infrastructure provider.

The Power of UGC Done Securely 

The rise of UGC offers new customer engagement opportunities and business benefits, but also opens companies up to new content and media management challenges. From malware to leaked private information and content abuse, companies must do everything they can to ensure a secure infrastructure that their users and audiences can trust. 

By employing the right security best practices that support and protect users and brand reputation, businesses can take advantage of the huge opportunity that exists with UGC -- and deliver visual-first experiences that resonate with consumers and positively impact their bottom line. 

Ran Rubinstein Hacker Noon profile picture
by Ran Rubinstein @ranrubinstein. Startup exec with over 20 years of experience in an array of environments, developing and deploying software at scale.Read my stories


Join Hacker Noon

Create your free account to unlock your custom reading experience.