diff --git a/src/constants.js b/src/constants.js
index 803759361..a6951c0f1 100644
--- a/src/constants.js
+++ b/src/constants.js
@@ -49,9 +49,10 @@ exports = module.exports = {
 AUTOUPDATE_PATTERN_NEVER: 'never',
- AVATAR_NONE: '',
- AVATAR_GRAVATAR: 'gravatar',
- AVATAR_CUSTOM: 'custom', // this is not used here just for reference. The field will contain a byte buffer instead of the type string
+ // the db field is a blob so we make this explicit
+ AVATAR_NONE: Buffer.from('', 'utf8'),
+ AVATAR_GRAVATAR: Buffer.from('gravatar', 'utf8'),
+ AVATAR_CUSTOM: Buffer.from('custom', 'utf8'), // this is not used here just for reference. The field will contain a byte buffer instead of the type string
 SECRET_PLACEHOLDER: String.fromCharCode(0x25CF).repeat(8), // also used in dashboard client.js
diff --git a/src/routes/profile.js b/src/routes/profile.js
index 10c617ae7..e848d4ccc 100644
--- a/src/routes/profile.js
+++ b/src/routes/profile.js
@@ -75,12 +75,12 @@ function update(req, res, next) {
 async function setAvatar(req, res, next) {
 assert.strictEqual(typeof req.user, 'object');
- let avatar = req.body.avatar;
+ let avatar = typeof req.body.avatar === 'string' ? Buffer.from(req.body.avatar, 'utf8') : null;
 if (req.files && req.files.avatar) {
 avatar = safe.fs.readFileSync(req.files.avatar.path);
 if (!avatar) return next(BoxError.toHttpError(new BoxError(BoxError.FS_ERROR, safe.error.message)));
- } else if (avatar !== constants.AVATAR_GRAVATAR && avatar !== constants.AVATAR_NONE) {
+ } else if (!avatar || (!avatar.equals(constants.AVATAR_GRAVATAR) && !avatar.equals(constants.AVATAR_NONE))) {
 return next(new HttpError(400, `avatar must be a file, ${constants.AVATAR_GRAVATAR} or ${constants.AVATAR_NONE}`));
 }
diff --git a/src/users.js b/src/users.js
index 4ebce4b3f..218f437dd 100644
--- a/src/users.js
+++ b/src/users.js
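Review bot: Making `AVATAR_NONE`, `AVATAR_GRAVATAR` and `AVATAR_CUSTOM` Buffers in src/constants.js means any `===` or `!==` comparison against them now tests object identity and is always unequal, without raising an error. The call sites touched by this commit were moved to `.equals()`, but callers outside the diff, if any remain, would silently take the wrong branch. The added comment should state the rule for consumers, e.g. `// Buffers, because the db field is a blob: compare with .equals(), never ===`. The exported Buffers are also shared mutable objects, so consumers should treat them as read-only.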
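Review bot: The 400 message in the `else if` branch of setAvatar (src/routes/profile.js) still interpolates `constants.AVATAR_GRAVATAR` and `constants.AVATAR_NONE`, which are now Buffers. The text therefore depends on implicit Buffer-to-string coercion, and the empty sentinel renders as nothing ("... gravatar or "). Spelling out the accepted values keeps the client-facing contract readable and independent of the constant's type, e.g. `return next(new HttpError(400, 'avatar must be a file, "gravatar" or an empty string'));`. Separately, the upload branch keeps whatever bytes `readFileSync` returns, so an upload that is empty or contains exactly `gravatar` is indistinguishable from the sentinels once stored; whether size or content checks happen elsewhere is not visible here. setAvatar's body continues outside the hunk.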
@@ -783,11 +783,13 @@ function compareRoles(role1, role2) {
 async function getAvatarUrl(user) {
 assert.strictEqual(typeof user, 'object');
- const result = await getAvatar(user.id);
 const fallbackUrl = `${settings.dashboardOrigin()}/img/avatar-default-symbolic.svg`;
- if (result.toString() === constants.AVATAR_NONE) return fallbackUrl;
- else if (result.toString() === constants.AVATAR_GRAVATAR) return `https://www.gravatar.com/avatar/${require('crypto').createHash('md5').update(user.email).digest('hex')}.jpg`;
+ const [error, result] = await safe(getAvatar(user.id));
+ if (error) throw error;
+
+ if (result.equals(constants.AVATAR_NONE)) return fallbackUrl;
+ else if (result.equals(constants.AVATAR_GRAVATAR)) return `https://www.gravatar.com/avatar/${require('crypto').createHash('md5').update(user.email).digest('hex')}.jpg`;
 else if (result) return `${settings.dashboardOrigin()}/api/v1/profile/avatar/${user.id}`;
 else return fallbackUrl;
 }
@@ -802,7 +804,7 @@ async function getAvatar(id) {
 async function setAvatar(id, avatar) {
 assert.strictEqual(typeof id, 'string');
- assert(avatar === constants.AVATAR_NONE || avatar === constants.AVATAR_GRAVATAR || Buffer.isBuffer(avatar));
+ assert(Buffer.isBuffer(avatar));
 const result = await database.query('UPDATE users SET avatar=? WHERE id = ?', [ avatar, id ]);
 if (result.length === 0) throw new BoxError(BoxError.NOT_FOUND, 'User not found');
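Review bot: In getAvatarUrl (src/users.js), `result.equals(...)` runs before anything checks that `result` is set, so a null or undefined avatar throws a TypeError and never reaches the later `else if (result)` / `else return fallbackUrl` branches. getAvatar's body is outside the hunk, so whether it can return an empty value is not visible, but the trailing `else` suggests that case was expected; an early `if (!result) return fallbackUrl;` before the first `.equals()` covers it. The `safe()` wrapper followed by `if (error) throw error;` appears to behave like a plain `await getAvatar(user.id)` and could be dropped. The Gravatar URL also hashes `user.email` as-is, while Gravatar's documented scheme hashes the trimmed, lowercased address, so mixed-case emails may resolve to the wrong image unless they are normalized upstream.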