MyUltiDev 2 days ago

The Cloudinary fix that nobody in this thread is naming is actually two lines. Upload the asset with type set to authenticated instead of the default upload type, and generate a signed URL server side with sign_url true whenever a logged-in user requests it. Once the asset is authenticated the public URL stops resolving entirely, so even the Google-indexed copies go cold. The reason Fiverr cannot just turn this on now is that they already have years of stored messages where every reference is the default public delivery type, and switching the existing media library from public to authenticated breaks every existing URL across the whole platform. That is the architectural brittleness someone upthread was pointing at, and it is also why the only realistic path forward for them is rotating new uploads to authenticated and accepting that the historical exposure is permanent. What would actually catch this category of mistake earlier, an SDK default that refused to upload anything as public unless you opt in?
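
The server-side half of the pattern in the comment above, as an added example that is not part of the original thread or Cloudinary's SDK: authorize the requester first, then hand back a signed URL for the authenticated asset. The signing routine is a standard-library re-implementation of Cloudinary's default short URL signature as assumed here (URL-safe base64 of SHA-1 over the delivery path plus the API secret, first 8 characters); real code would pass type="authenticated" at upload and sign_url=True to the SDK instead. The cloud name, secret, ACL table and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample values; real ones come from the Cloudinary account.
CLOUD_NAME = "demo-cloud"
API_SECRET = "constructed-secret-not-real"
BASE = f"https://res.cloudinary.com/{CLOUD_NAME}/image/authenticated/"

# Hypothetical access table: asset public_id -> users in that conversation.
ATTACHMENT_ACL = {
    "messages/inv-1001": {"alice", "bob"},
}


def sign_delivery_path(path, secret=API_SECRET):
    """Return the s--XXXXXXXX-- URL component for a delivery path (assumed scheme)."""
    digest = hashlib.sha1((path + secret).encode("utf-8")).digest()
    return "s--" + base64.urlsafe_b64encode(digest)[:8].decode("ascii") + "--"


def authenticated_url(public_id, fmt="jpg"):
    """Delivery URL for an asset that was uploaded with type=authenticated."""
    source = f"{public_id}.{fmt}"
    return f"{BASE}{sign_delivery_path(source)}/{source}"


def url_for_user(user, public_id):
    """Authorize first, sign second. Returns None if the user has no access."""
    if user not in ATTACHMENT_ACL.get(public_id, set()):
        return None
    return authenticated_url(public_id)


def signature_matches(url):
    """Model of the delivery-side check: does the signature cover this path?"""
    if not url.startswith(BASE):
        return False  # e.g. an old /image/upload/ link for the same asset
    sig, _, source = url[len(BASE):].partition("/")
    return hmac.compare_digest(sig, sign_delivery_path(source))


if __name__ == "__main__":
    print(url_for_user("alice", "messages/inv-1001"))
    print(url_for_user("mallory", "messages/inv-1001"))
```

Because the signature covers the asset path, a URL issued for one attachment cannot be edited to point at another, and the signing secret never leaves the server.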