Security of uploading artworks to microstocks

January 13, 2016 / by Taras Kushnir

When you use software to upload files to microstocks FTP servers you must enter your username and password into software you use. You can easily end up with a question if you can trust this software. It’s even more naturally to ask this kind of questions if this software is not open source. You don’t know what’s going on inside with your valuable data.

But even if you trust your software, there’s one huge security hole behind everything. And this hole is … FTP.

FTP (File Transfer Protocol) is not secure protocol by definition. It sends your credentials in plain text over the internet to the remote server. Don’t belive me? You can install Wireshark and investigate yourself. Or you can read a number of blogposts about this. Why is FTP insecure, Grab FTP username and password using Wireshark or you even can see a video of how to do it on the Youtube.

There are several ways to mitigate it.
One of the most simple one is that all microstocks will switch to SFTP which is Secure File Transfer Protocol (basically it’s encrypted FTP). Then your credentials will be transferred over the network in secure manner.
Another options is do what Fotolia does: they supply each contributor with separate username and password for FTP upload so even if someone will intercept your credentials everything he would be able to do is … to upload some pictures for you?

Talking about Xpiks, it always uses AES encryption when storing user’s FTP passwords. Also you can set your own passphrase for encryption. So it is almost next to possible for other programs to retrieve them. But remember: because of the FTP it won’t save you.

See also

How to upload to Shutterstock using FTP client FileZilla

What is FTP FTP (File Transfer Protocol) is one of the ways to communicate over the Internet. It was invented in the 80s and heavily used ...

Pond5 review: a video pioneer

Pond5 focused on video selling back when everybody else where selling only photos. It started with generous royalties for authors and has ...

EyeEm review: not your typical microstock

You cannot sign up on EyeEm and start uploading photos via FTP, as you would do any any “usual” microstock like Depositphotos or 123rf. It ...

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.