Meta quietly killed Instagram's encrypted DMs — here's what changed
If you use Instagram's direct messages, your conversations are no longer end-to-end encrypted. Meta removed the feature on May 8, 2026, after quietly announcing the change in March. The timing is striking: the US Take It Down Act — which requires platforms to remove non-consensual intimate imagery within 48 hours — came into force on May 19, just 11 days later.
The official reason
Meta told The Guardian that barely anyone used the feature. That's not entirely wrong — end-to-end encryption on Instagram was opt-in only, never turned on by default, and never rolled out globally. Burying a privacy tool and then citing low adoption as justification for removing it is a convenient argument, though. Meta added that anyone who wants encrypted messaging can use WhatsApp, which keeps E2EE as its default.
What's actually at stake
End-to-end encryption (E2EE) means only the sender and recipient can read a message. Without it, Meta can scan the content of your DMs — for illegal material, yes, but also for data that feeds ad targeting. The Take It Down Act compliance angle matters here: E2EE makes 48-hour content removal technically impossible, which gives Meta a clean regulatory reason to drop it. As The Register notes, this reverses a pledge Mark Zuckerberg made in 2019 to build privacy-first messaging across all Meta platforms.
Security researchers point out the dual benefit Meta gains: child safety compliance provides the headline justification, while plaintext DMs unlock a richer ad-targeting dataset. Law enforcement also gains potential access to message content through standard legal requests — something that was blocked under E2EE.
A Proton survey of four countries found that 76% of US respondents and 72% of UK respondents consider encryption "very important." The gap between stated user preference and actual opt-in behaviour is what Meta is leaning on.
What to do now
If privacy in direct messages matters to you, Meta's own recommendation stands: move to WhatsApp. Signal is another option with a strong independent encryption track record. Instagram DMs were never the primary choice for sensitive conversations, but the removal of even an optional layer of protection is a step in the wrong direction for MacRumors and privacy advocates who monitored the rollout closely.
For casual use — sharing memes, coordinating meetups — the practical impact is low. For anything sensitive, treat Instagram DMs as you would a postcard: assume someone else can read it.
