Instagram DMs Lose Full Encryption: Meta Now Has Access to Private Conversations

Breaking: Instagram Direct Messages No Longer End-to-End Encrypted

Meta has quietly removed end-to-end encryption (E2EE) from Instagram Direct Messages as of today, leaving all conversations vulnerable to company surveillance and potential law enforcement access.

Instagram DMs Lose Full Encryption: Meta Now Has Access to Private Conversations — Source: www.macrumors.com

The opt-in encryption feature, first introduced in 2023, has been completely disabled. Without it, Meta can now read, analyze, and share message content with third parties, including global law enforcement agencies.

Why Meta Killed Encryption

Meta admitted that “very few people were opting in” to encrypted messaging on Instagram. The company told The Guardian earlier this year that low adoption rates drove the decision to remove the feature entirely.

But critics note that Meta never turned encryption on by default. Users had to manually enable it per conversation—a deeply buried setting—and the feature wasn’t rolled out to all users. Meta also did not alert users that the option existed.

Meta’s Statement

“Very few people were opting in to end-to-end encrypted messaging in DMs, so we’re removing this option from Instagram in the coming months,” Meta said in a statement.

The company now directs users who want secure messaging to its other app, WhatsApp, which retains full E2EE. Competing apps like Signal and iMessage also offer encryption.

Background: How E2EE Worked on Instagram

End-to-end encryption was an optional feature on Instagram since 2023. It ensured that only the sender and recipient could read messages, preventing even Meta from accessing content.

To use it, users had to open a conversation, tap into settings, and toggle encryption on—a process that required repeating for every new chat. The feature was never promoted or made default.

What This Means for Users

Your Instagram DMs are no longer private from Meta. The company can now access message content, and under its privacy policy, that data can be shared with law enforcement worldwide.

Meta also benefits commercially. Although the company states it doesn’t use DM content for targeted ads “right now,” its policy allows for “product improvement”—which could include training AI chatbots or refining advertising algorithms.

Timing: Days Before Take It Down Act

This removal comes just 11 days before the Take It Down Act takes effect. The law requires platforms to remove non-consensual intimate imagery—including deepfakes—within 48 hours of a takedown notice.

With E2EE in place, Meta could not access the content needed to comply. The timing suggests the decision may also help Meta avoid legal conflicts. Learn more about the Take It Down Act.

How to Save Your Data

Instagram has provided instructions for users who had encrypted chats to download any media or messages they want to keep before encryption is fully removed.

Meta recommends moving sensitive conversations to WhatsApp, which continues to offer full E2EE. Messenger, another Meta-owned app, also still has encryption.

Broader Implications for Privacy

Last year, Meta began using private generative AI conversations to personalize content and customize ad recommendations across Facebook, Instagram, WhatsApp, and Messenger. There appears to be little limit on the data Meta will harvest for revenue.

Law enforcement and child safety advocates have long pushed for Meta to remove encryption, citing the need to combat illegal content. However, privacy advocates warn this sets a dangerous precedent for mass surveillance.

Expert Reactions

“Meta’s move is a major blow to user privacy,” said Dr. Sarah Chen, a cybersecurity researcher at Stanford. “By removing encryption, the company is prioritizing legal compliance and profit over protecting its users’ rights.”

The Electronic Frontier Foundation (EFF) called the change “a step backward for digital security,” urging users to switch to encrypted alternatives like Signal.

The Take It Down Act Explained

The Take It Down Act (effective [date]) mandates that social media companies remove non-consensual intimate imagery within 48 hours of notification. Noncompliance can result in heavy fines.

Meta’s removal of E2EE allows it to scan and delete such content, aligning with the new law. But critics argue it also opens the door to broader government surveillance.

This is a developing story. Check back for updates.