diff --git a/app/Http/Controllers/AdminController.php b/app/Http/Controllers/AdminController.php
index 308290459..4cc8688c5 100644
--- a/app/Http/Controllers/AdminController.php
+++ b/app/Http/Controllers/AdminController.php
@@ -532,7 +532,7 @@ class AdminController extends Controller
 		$emoji->save();
 
 		$fileName = $emoji->id . '.' . $request->emoji->extension();
-		$request->emoji->storeAs('public/emoji', $fileName);
+		$request->emoji->storePubliclyAs('public/emoji', $fileName);
 		$emoji->media_path = 'emoji/' . $fileName;
 		$emoji->save();
 		Cache::forget('pf:custom_emoji');
diff --git a/app/Http/Controllers/Api/ApiV1Controller.php b/app/Http/Controllers/Api/ApiV1Controller.php
index ed6cbef17..f31869755 100644
--- a/app/Http/Controllers/Api/ApiV1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Controller.php
@@ -260,7 +260,7 @@ class ApiV1Controller extends Controller
 				$file = $request->file('avatar');
 				$path = "public/avatars/{$profile->id}";
 				$name = strtolower(str_random(6)). '.' . $file->guessExtension();
-				$request->file('avatar')->storeAs($path, $name);
+				$request->file('avatar')->storePubliclyAs($path, $name);
 				$av->media_path = "{$path}/{$name}";
 				$av->save();
 				Cache::forget("avatar:{$profile->id}");
@@ -1610,7 +1610,7 @@ class ApiV1Controller extends Controller
 		}
 
 		$storagePath = MediaPathService::get($user, 2);
-		$path = $photo->store($storagePath);
+		$path = $photo->storePublicly($storagePath);
 		$hash = \hash_file('sha256', $photo);
 		$license = null;
 		$mime = $photo->getMimeType();
@@ -1815,7 +1815,7 @@ class ApiV1Controller extends Controller
 		}
 
 		$storagePath = MediaPathService::get($user, 2);
-		$path = $photo->store($storagePath);
+		$path = $photo->storePublicly($storagePath);
 		$hash = \hash_file('sha256', $photo);
 		$license = null;
 		$mime = $photo->getMimeType();
diff --git a/app/Http/Controllers/Api/BaseApiController.php b/app/Http/Controllers/Api/BaseApiController.php
index 83828a9f3..2e1fb5678 100644
--- a/app/Http/Controllers/Api/BaseApiController.php
+++ b/app/Http/Controllers/Api/BaseApiController.php
@@ -112,7 +112,7 @@ class BaseApiController extends Controller
             $name = $path['name'];
             $public = $path['storage'];
             $currentAvatar = storage_path('app/'.$profile->avatar->media_path);
-            $loc = $request->file('upload')->storeAs($public, $name);
+            $loc = $request->file('upload')->storePubliclyAs($public, $name);
 
             $avatar = Avatar::whereProfileId($profile->id)->firstOrFail();
             $opath = $avatar->media_path;
diff --git a/app/Http/Controllers/AvatarController.php b/app/Http/Controllers/AvatarController.php
index ea5f84783..6ee8b610f 100644
--- a/app/Http/Controllers/AvatarController.php
+++ b/app/Http/Controllers/AvatarController.php
@@ -30,7 +30,7 @@ class AvatarController extends Controller
             $dir = $path['root'];
             $name = $path['name'];
             $public = $path['storage'];
-            $loc = $request->file('avatar')->storeAs($public, $name);
+            $loc = $request->file('avatar')->storePubliclyAs($public, $name);
 
             $avatar = Avatar::firstOrNew(['profile_id' => $profile->id]);
             $currentAvatar = $avatar->recentlyCreated ? null : storage_path('app/'.$profile->avatar->media_path);
diff --git a/app/Http/Controllers/ComposeController.php b/app/Http/Controllers/ComposeController.php
index e817c6652..441223679 100644
--- a/app/Http/Controllers/ComposeController.php
+++ b/app/Http/Controllers/ComposeController.php
@@ -123,7 +123,7 @@ class ComposeController extends Controller
 		abort_if(in_array($photo->getMimeType(), $mimes) == false, 400, 'Invalid media format');
 
 		$storagePath = MediaPathService::get($user, 2);
-		$path = $photo->store($storagePath);
+		$path = $photo->storePublicly($storagePath);
 		$hash = \hash_file('sha256', $photo);
 		$mime = $photo->getMimeType();
 
@@ -209,7 +209,7 @@ class ComposeController extends Controller
 		$name = last($fragments);
 		array_pop($fragments);
 		$dir = implode('/', $fragments);
-		$path = $photo->storeAs($dir, $name);
+		$path = $photo->storePubliclyAs($dir, $name);
 		$res = [
 			'url' => $media->url() . '?v=' . time()
 		];
diff --git a/app/Http/Controllers/DirectMessageController.php b/app/Http/Controllers/DirectMessageController.php
index 8c367e726..5346be845 100644
--- a/app/Http/Controllers/DirectMessageController.php
+++ b/app/Http/Controllers/DirectMessageController.php
@@ -602,7 +602,7 @@ class DirectMessageController extends Controller
 		}
 
 		$storagePath = MediaPathService::get($user, 2) . Str::random(8);
-		$path = $photo->store($storagePath);
+		$path = $photo->storePublicly($storagePath);
 		$hash = \hash_file('sha256', $photo);
 
 		abort_if(MediaBlocklistService::exists($hash) == true, 451);
diff --git a/app/Http/Controllers/Import/Instagram.php b/app/Http/Controllers/Import/Instagram.php
index 39d1d4d2e..95d290f61 100644
--- a/app/Http/Controllers/Import/Instagram.php
+++ b/app/Http/Controllers/Import/Instagram.php
@@ -93,7 +93,7 @@ trait Instagram
     			continue;
     		}
             $storagePath = "import/{$job->uuid}";
-            $path = $v->store($storagePath);
+            $path = $v->storePublicly($storagePath);
             DB::transaction(function() use ($profile, $job, $path, $original) {
 		        $data = new ImportData;
 		        $data->profile_id = $profile->id;
@@ -141,7 +141,7 @@ trait Instagram
 			return abort(500);
 		}
 		$storagePath = "import/{$job->uuid}";
-        $path = $media->store($storagePath);
+        $path = $media->storePublicly($storagePath);
         $job->media_json = $path;
         $job->stage = 3;
         $job->save();
diff --git a/app/Http/Controllers/Stories/StoryApiV1Controller.php b/app/Http/Controllers/Stories/StoryApiV1Controller.php
index 20dbf247d..16d1805b9 100644
--- a/app/Http/Controllers/Stories/StoryApiV1Controller.php
+++ b/app/Http/Controllers/Stories/StoryApiV1Controller.php
@@ -354,7 +354,7 @@ class StoryApiV1Controller extends Controller
 		}
 
 		$storagePath = MediaPathService::story($user->profile);
-		$path = $photo->storeAs($storagePath, Str::random(random_int(2, 12)) . '_' . Str::random(random_int(32, 35)) . '_' . Str::random(random_int(1, 14)) . '.' . $photo->extension());
+		$path = $photo->storePubliclyAs($storagePath, Str::random(random_int(2, 12)) . '_' . Str::random(random_int(32, 35)) . '_' . Str::random(random_int(1, 14)) . '.' . $photo->extension());
 		return $path;
 	}
 }
diff --git a/app/Http/Controllers/StoryComposeController.php b/app/Http/Controllers/StoryComposeController.php
index 93486a488..f913d859f 100644
--- a/app/Http/Controllers/StoryComposeController.php
+++ b/app/Http/Controllers/StoryComposeController.php
@@ -111,7 +111,7 @@ class StoryComposeController extends Controller
 		}
 
 		$storagePath = MediaPathService::story($user->profile);
-		$path = $photo->storeAs($storagePath, Str::random(random_int(2, 12)) . '_' . Str::random(random_int(32, 35)) . '_' . Str::random(random_int(1, 14)) . '.' . $photo->extension());
+		$path = $photo->storePubliclyAs($storagePath, Str::random(random_int(2, 12)) . '_' . Str::random(random_int(32, 35)) . '_' . Str::random(random_int(1, 14)) . '.' . $photo->extension());
 		if(in_array($photo->getMimeType(), ['image/jpeg','image/png'])) {
 			$fpath = storage_path('app/' . $path);
 			$img = Intervention::make($fpath);
diff --git a/config/filesystems.php b/config/filesystems.php
index 38feb2173..0d2a27743 100644
--- a/config/filesystems.php
+++ b/config/filesystems.php
@@ -46,6 +46,16 @@ return [
         'local' => [
             'driver' => 'local',
             'root'   => storage_path('app'),
+            'permissions' => [
+                'file' => [
+                    'public' => 0644,
+                    'private' => 0600,
+                ],
+                'dir' => [
+                    'public' => 0755,
+                    'private' => 0700,
+                ],
+            ],
         ],
 
         'public' => [