diff --git a/app/controllers/media_assets_controller.rb b/app/controllers/media_assets_controller.rb
index cdda551c7..4b93e26c8 100644
--- a/app/controllers/media_assets_controller.rb
+++ b/app/controllers/media_assets_controller.rb
@@ -5,7 +5,7 @@ class MediaAssetsController < ApplicationController
 
   def index
     @media_assets = authorize MediaAsset.visible(CurrentUser.user).paginated_search(params, count_pages: false)
-    @media_assets = @media_assets.joins(:media_metadata)
+    @media_assets = @media_assets.joins(:media_metadata).includes(:post)
     respond_with(@media_assets)
   end
 
diff --git a/app/policies/media_asset_policy.rb b/app/policies/media_asset_policy.rb
index 636cd1431..d48cf5b73 100644
--- a/app/policies/media_asset_policy.rb
+++ b/app/policies/media_asset_policy.rb
@@ -4,4 +4,16 @@ class MediaAssetPolicy < ApplicationPolicy
   def index?
     true
   end
+
+  def can_see_image?
+    record.post.blank? || record.post.visible?(user)
+  end
+
+  def api_attributes
+    if can_see_image?
+      super
+    else
+      super.excluding(:md5)
+    end
+  end
 end
diff --git a/app/views/media_assets/index.html.erb b/app/views/media_assets/index.html.erb
index 3a0dbc2e4..4fe1239e2 100644
--- a/app/views/media_assets/index.html.erb
+++ b/app/views/media_assets/index.html.erb
@@ -18,7 +18,9 @@
 
     <%= table_for @media_assets, class: "striped autofit" do |t| %>
       <% t.column "File", td: { class: "text-center" } do |media_asset| %>
-        <%= render MediaAssetPreviewComponent.new(media_asset: media_asset, save_data: CurrentUser.save_data, shrink_to_fit: false) %>
+        <% if policy(media_asset).can_see_image? %>
+          <%= render MediaAssetPreviewComponent.new(media_asset: media_asset, save_data: CurrentUser.save_data, shrink_to_fit: false) %>
+        <% end %>
       <% end %>
 
       <% t.column :image_width %>
diff --git a/app/views/media_assets/show.html.erb b/app/views/media_assets/show.html.erb
index 0417d99fc..956937475 100644
--- a/app/views/media_assets/show.html.erb
+++ b/app/views/media_assets/show.html.erb
@@ -2,7 +2,9 @@
   <div id="a-show" class="fixed-width-container">
     <h1 class="mb-4">Media Asset</h1>
 
-    <%= render MediaAssetComponent.new(media_asset: @media_asset) %>
+    <% if policy(@media_asset).can_see_image? %>
+      <%= render MediaAssetComponent.new(media_asset: @media_asset) %>
+    <% end %>
 
     <table class="striped aligned-vertical">
       <% if @post.present? %>
@@ -12,10 +14,12 @@
         </tr>
       <% end %>
 
-      <tr>
-        <th>MD5</th>
-        <td><%= @media_asset.md5 %></td>
-      </tr>
+      <% if policy(@media_asset).can_see_image? %>
+        <tr>
+          <th>MD5</th>
+          <td><%= @media_asset.md5 %></td>
+        </tr>
+      <% end %>
 
       <% @media_asset.metadata.sort.each do |key, value| %>
         <tr>
diff --git a/test/functional/media_assets_controller_test.rb b/test/functional/media_assets_controller_test.rb
index 33014c1b2..f4e0bf41c 100644
--- a/test/functional/media_assets_controller_test.rb
+++ b/test/functional/media_assets_controller_test.rb
@@ -25,6 +25,15 @@ class MediaAssetsControllerTest < ActionDispatch::IntegrationTest
 
         assert_response :success
       end
+
+      should "not show the md5 for assets belonging to posts not visible to the current user" do
+        @media_asset = create(:media_asset)
+        @post = create(:post, md5: @media_asset.md5, is_banned: true)
+        get media_asset_path(@media_asset), as: :json
+
+        assert_response :success
+        assert_equal(nil, response.parsed_body[:md5])
+      end
     end
   end
 end