Meta is set to remove end-to-end encryption from Instagram direct messages on 8 May, in a quietly announced reversal that has reignited fierce debate over the balance between digital privacy and public safety. The decision was posted on Instagram’s Help Centre support page, which has sparked debate around the lack of advertising of such a weighted announcement.
In other words, messages will exclusively be stored on Instagram servers as plain text, as opposed to being encoded on the sender’s device and decoded exclusively on the recipient’s device. “This allows Meta to scan messages for harmful content – such as phishing links or fraud attempts – and filter them out”, explains Bee Secure’s cyber security specialist Steve Muller. The same applies to illegal content such as material related to child abuse material, terrorism, or criminal activity, which can then be made available to police investigations.
In theory, removing end-to-end encryption could allow Meta staff to access private messages if a conversation is reported, though Muller cannot confirm this from the outside. It could also enable further content personalisation. In any case, he stressed that private chats remain inaccessible to other users.
Unlike WhatsApp, Meta never made encryption the default on Instagram; instead, users in certain regions could opt in on a per-chat basis, meaning it had to be manually adopted. From May, that option disappears entirely, meaning Meta will gain the technical ability to access the contents of all Instagram messages. The company has not clarified whether existing encrypted chats will be deleted after the deadline.
Meta’s official justification is low uptake. The company says only a small fraction of Instagram users ever enabled the feature, and has pointed those still wanting encryption toward WhatsApp, where it is on by default. However, it’s worth noting Meta never marketed their end-to-end encryption as a tool in their messaging app, therefore not everyone would have been aware of its abilities.
Those looking to message with end-to-end encryption are advised to opt for other messaging apps, including Meta’s own WhatsApp – though a recent lawsuit by former WhatsApp head of security raise questions about its safety. Muller also points to Luxembourg’s very own messenger LuxChat: “Not only is it end-to-end encrypted, but its encryption can also be independently verified”, explains the cyber security specialist.
