Building a consumer-oriented service where users can submit their own content, be it profile pictures, images, or any other media that is shown to other users on your platform requires careful planning ahead of time. Especially when you want to build a safe environment for your users, allowing people to upload anything without further verification will inevitably lead to critical situations.
Many bigger platforms have teams of people working on content moderation while others put their trust in automation to flag or immediately filter out content violating community guidelines.
When my friend Tim and I were starting out with sonata, a platform to meet people with a similar taste in music, we were certain about two product decisions: We wanted profile pictures, but we also wanted sonata to be a place where people could feel safe and have a great time.
Obviously, we weren’t going into the situation with a huge budget or the necessary automation at our hands to handle reviews of profile pictures, so in the most “do things that don’t scale” way possible we went ahead and rolled our own process.
In our app, you can go to your account settings and upload a profile picture, which will be visible for yourself immediately, but until we have reviewed it, other people won’t see it. This solves two problems at once: Users don’t experience any friction in setting their profile picture and we can make sure nothing inappropriate is displayed on the platform.
The more interesting part of the system is the verification step. Whenever a user uploads a new profile image, we send an interactive Slack message into a channel containing some information about the image and a preview using a temporary, presigned URL that expires shortly after. We can enable notifications for every approval request, so responding doesn’t take too long. As for our options, we can either approve or reject the profile image.
Whenever we perform an action on the interactive message, Slack will send a webhook to our API, including the action taken. With this, we can update our internal state, which completes the process.
This solution was built in a day, and has served us quite well, especially since it’s low maintenance and essentially free if you ignore traffic and storage costs.
If you’re thinking of implementing a similar solution, consider that we’re only dealing with the verification of public profile pictures and, unlike other platforms, do not offer other ways for users to submit media content, which strongly limits the scope of work. Using this process for any content that has a high volume of change would definitely require more resources and time, making a manual approach inefficient.