Meta removed end-to-end encryption from Instagram direct messages on May 8, 2026, ending an opt-in feature the company had introduced in December 2023. The change was not announced with any fanfare. In March, Instagram quietly updated a help page to note that encrypted DMs would be discontinued. Meta spokesperson Dina El-Kassaby Luce told The Verge the platform was discontinuing the feature because 'very few people' were using E2EE in their DMs. A separate spokesperson told The Guardian: 'Very few people were opting in to end-to-end encrypted messaging in DMs, so we're removing this option from Instagram in the coming months. Anyone who wants to keep messaging with end-to-end encryption can easily do that on WhatsApp.' Users who had the feature enabled were directed to download their encrypted chat history before the May 8 cutoff. After that date, the option disappeared entirely.
What the removal means in practical terms is significant. Meta now has the technical ability to access the content of every Instagram direct message — including images, videos, and voice notes — stored on its servers. The platform can respond to law enforcement subpoenas for message logs and run automated scanning across DM content. Meta has stated that DM content is not currently used for targeted advertising, though the company's own terms of service include language permitting use of content for 'product improvement.' Meta has not committed to any timeline for how long DM data will be retained, and has not clarified what will happen to existing encrypted conversations that users did not export before the deadline — whether those chats will be deleted, silently decrypted and retained, or simply left inaccessible.
The Low-Adoption Argument and Its Critics
Meta's stated reason — low adoption — has drawn sharp pushback from digital rights organisations. On April 8, the Steering Committee of the Global Encryption Coalition published a formal statement signed by member groups including Mozilla and the Center for Democracy and Technology. 'Encryption is not just a feature,' the statement read. 'It is fundamental to safety and the exercise of human rights.' The Coalition argued that a low opt-in rate is not evidence that users do not want encryption; it is evidence that the feature was inadequately promoted, never made the default, and buried in a per-conversation settings toggle that most users never encountered. 'Low adoption of an opt-in feature,' the statement said, 'is a reason to make encryption the default — not a reason to scrap it.'
That criticism cuts to the architecture of how Meta built the feature in the first place. Encrypted DMs on Instagram were never switched on by default. They were never available in all regions. Enabling encryption required finding a per-conversation toggle buried inside individual chat settings — a step Meta never prominently advertised to users. MacRumors noted that Meta 'did not alert users that it was an option.' Privacy advocates have been clear that a product can be designed to fail adoption: keep it opt-in, keep it hidden, and never roll it out universally — then point to low usage as justification for its removal. It is a notable reversal for a company whose chief executive in 2019 declared that 'the future is private' and pledged to shift its entire platform philosophy toward encrypted communications.
Eleven Days Before the Take It Down Act
The timing of the removal has not gone unnoticed. The change took effect eleven days before the U.S. Take It Down Act comes into force on May 19, 2026. The law, signed by President Donald Trump in May 2025, requires online platforms to detect and remove non-consensual intimate imagery — including AI-generated deepfakes — within 48 hours of a victim's notification. Platforms cannot scan for or remove content they cannot see. While Meta has not explicitly linked the two developments, analysts at Security Affairs noted that 'removing encryption makes it easier for platforms to detect and moderate harmful content at scale.' Without encryption, Meta can run the automated image-scanning pipelines that compliance with the Take It Down Act requires across its entire Instagram DM corpus.
As of publication, end-to-end encryption remains the default for all WhatsApp conversations and calls — the alternative Meta is actively directing Instagram users toward — and remains available as an opt-in for group Facebook Messenger chats. Instagram DMs now operate identically to standard Facebook Messenger messages: encrypted in transit against external interception but fully visible to the platform itself. Security researchers and privacy advocates have pointed users toward Signal as the independent alternative carrying no corporate content-access interest. Whether Meta's move will prompt broader regulatory scrutiny in the European Union, where data protection law sets a higher bar, remains an open question.
