Meta has switched off end‑to‑end encryption for Instagram direct messages, ending a privacy feature that was optional on the platform for just over two years. The change took effect globally on 8 May, meaning Meta itself can now read the content of private chats, including images, videos and voice notes.
The company did not announce the reversal publicly. Instead, it updated its Help Centre page in March, stating: “End‑to‑end encrypted messaging on Instagram will no longer be supported after 8 May 2026.” Users affected by the change are shown instructions on how to download any media or messages they wish to keep.
A Meta spokesperson told Reuters that the decision was made because “very few people were opting in to end‑to‑end encrypted messaging in DMs.” The company noted that anyone seeking encrypted messaging could switch to WhatsApp, where end‑to‑end encryption is turned on by default. The feature remains active on Facebook Messenger for personal chats, though not for group or business messages.
The shift marks a significant reversal for Meta. In 2019, Chief Executive Mark Zuckerberg declared that privacy was the future of social networking and pledged to introduce default encryption across all messaging services. The company completed the rollout on Messenger in 2023 and added optional encryption to Instagram later that year. Those plans have now been dropped. Meta has declined to comment further on why it abandoned the wider deployment, and Instagram head Adam Mosseri was unavailable for an interview.
End‑to‑end encryption ensures only the sender and the recipient can read a message. Without it, Instagram operates on standard encryption, which allows the service provider to access message content when required, for example in response to a lawful request or to enforce platform policies.
Child protection groups have welcomed the move. The UK’s National Society for the Prevention of Cruelty to Children (NSPCC) told the BBC it was “really pleased,” arguing that end‑to‑end encryption “can allow perpetrators to evade detection, enabling the grooming and abuse of children to go unseen”.
Privacy advocates, however, say the decision leaves millions of users exposed. The Center for Democracy & Technology and members of the Global Encryption Coalition urged Meta to reverse course, warning that “without default encryption, millions of Instagram users are left exposed to surveillance, interception, and misuse of their private communications.” They added that the risks fall hardest on journalists, human rights defenders and survivors of abuse.
Cyber security expert Victoria Baines, Professor of IT at Gresham College, suggested the motivation may go beyond user adoption figures. “Social media platforms monetise our communications … so they can serve targeted advertising,” she said. “And increasingly, companies like Meta are focusing on training AI models, for which messaging data can be extremely valuable”. Instagram has previously stated that direct messages are not used to train AI.
Regulatory pressure has also played a role. In the United States, a New Mexico jury found Meta liable under the Unfair Practices Act in March and ordered $375 million in civil penalties, alleging the company knew encryption would make it harder to detect child exploitation. In the United Kingdom, Meta had already disabled encryption for some Instagram and Messenger users under provisions of the Online Safety Act.
Swiss encrypted‑services provider Proton questioned what would happen to previously encrypted chats that are still stored on Instagram’s servers. Because properly implemented end‑to‑end encryption prevents the platform from reading message contents, Meta has not clarified whether those conversations will remain inaccessible, be deleted or become readable under the new policy. Meta has not responded to questions on that point.
Instagram users who currently have encrypted chats are advised to download their data before the change takes effect. Meta said that an app update may be required to complete the download.