Instagram Kills End-to-End Encryption for Direct Messages
BBC Business reported Thursday that Meta has switched off Instagram end-to-end encryption for direct messages globally, marking a sharp reversal of a privacy commitment the company first made in 2019.
A Seven-Year Promise Quietly Abandoned
Meta’s rollout of end-to-end encryption (E2EE) for Instagram DMs had been positioned as central to the company’s privacy strategy. E2EE allows only a sender and recipient to read a given message. No third party, including the platform itself, can access the content. Meta CEO Mark Zuckerberg declared in 2019 that “the future is private,” framing the technology as a cornerstone of the company’s roadmap. The company completed the feature’s deployment on Facebook Messenger in 2023 and made it an opt-in option on Instagram, with plans to set it as default. Those plans are now shelved. Rather than making a formal announcement, Meta quietly amended Instagram’s terms and conditions in March, stating the feature would cease to function after 8 May 2026.
Also Read: What Is End-to-End Encryption and Why Does It Matter?
Background: The Encryption Debate
E2EE has been contested terrain for years. Law enforcement agencies and child safety organisations have long argued the technology shields harmful content from scrutiny. The NSPCC welcomed Meta’s decision, with spokesperson Rani Govender telling BBC Business the feature can allow abusers to operate undetected. Privacy advocates took the opposite view. Maya Thomas of Big Brother Watch described the reversal as a potential response to government pressure, warning it could weaken protections for younger users specifically. The tension reflects a broader regulatory push across the UK and Europe to compel platforms to scan encrypted messages for illegal material.
Also Read: Online Safety Act: What It Means for Encrypted Messaging
What Changes Now and What Comes Next
With E2EE removed, Instagram will revert to standard encryption. Under that model, internet service providers and platforms can access message content when legally compelled. Meta told reporters that low voluntary opt-in rates drove the decision. Critics noted that optional features routinely see low adoption, and that this rationale may obscure other motivations. Cybersecurity professor Victoria Baines of Gresham College suggested Meta’s growing focus on AI training data, which benefits from access to messaging content, likely factored into the calculus. Instagram has previously denied using DMs to train AI models. The broader industry is watching closely. E2EE remains default on WhatsApp, Signal, iMessage, and Facebook Messenger. TikTok told BBC Business in March it has no plans to introduce it. Meta’s move may signal a wider chill on encrypted messaging across social platforms.
Read Next: Meta’s AI Ambitions Are Reshaping Its Business Model
