Instagram Abandons End-to-End Encryption for Direct Messages; Meta Cites Low Opt-In Rates
Instagram Quietly Kills End-to-End Encryption for DMs
Instagram has officially ended its opt-in end-to-end encryption (E2EE) feature for direct messages, rolling back a long‑promised privacy enhancement. The company says the feature was used by very few people.
Meta, Instagram's parent company, confirmed the move in a statement. “Very few people were opting in to end-to-end encrypted messaging in DMs,” the company said, pointing users to WhatsApp for encrypted conversations instead.
The decision marks a sharp reversal from Meta’s earlier commitments. In 2023, Meta boasted about successfully encrypting Messenger and teased that Instagram was next. A 2022 white paper declared the company’s intent to “build and implement e2ee by default across Messenger and Instagram DMs.”
Background: A Promise Unfulfilled
Meta had repeatedly pledged to bring default end-to-end encryption to all its messaging platforms. After years of technical challenges and public statements, the company appears to have given up on that goal for Instagram.
Turning on E2EE on Instagram required a four‑step opt-in process that few users knew about. Privacy advocates argue that defaults matter, and Meta’s choice to blame users is disingenuous.
The trend is not limited to Instagram. Meta also has not delivered promised E2EE for Facebook Messenger group chats. This is the latest in a series of broken promises from the company.
What This Means for Users
Instagram users lose an option for private, secure conversations on one of the world’s largest social platforms. Meta pushes users to WhatsApp, but critics say true privacy should be available everywhere.
This retreat contrasts with progress elsewhere. Google and Apple are jointly implementing E2EE for Rich Communication Services (RCS), and Signal continues to simplify its app for broader use.
Instead of blaming users, experts say Meta should enable strong privacy features by default. “Meta abandoning this principle is disheartening,” said one digital rights advocate. “Tech companies should start by making privacy the default, not the exception.”
The move also raises questions about Meta’s broader commitment to user privacy. With Instagram’s encryption gone, billions of messages remain vulnerable to surveillance and data breaches.