Instagram drops end-to-end encryption for direct messages globally

Meta has abandoned plans to roll out end-to-end encryption (E2EE) as default for Instagram Direct Messages, with the reversal taking effect on Friday (May 8) for users worldwide.

The company completed E2EE rollout on Facebook Messenger in 2023 and later made the feature optional on Instagram with plans to make it default. After seven years of work on the technology, Meta has decided not to proceed and Instagram will now offer only standard encryption — meaning private content can be accessed by internet service providers and the company under lawful orders, in line with most major online services.

The decision was not announced publicly. Instead, Meta quietly updated Instagram’s terms and conditions in March, stating that “end-to-end encrypted messaging on Instagram will no longer be supported after 8 May 2026” and providing instructions to download affected chats. Meta told reporters the reversal was driven by low user opt-in to the existing optional feature; commentators noted that take-up of optional privacy features is typically low because opting in introduces friction.

Child protection groups welcomed the move. Rani Govender of the NSPCC said E2EE “can allow perpetrators to evade detection, enabling the grooming and abuse of children to go unseen.” Privacy campaigners called the decision a step backwards.

Cybersecurity expert Victoria Baines, professor of IT at Gresham College, said the move reflects Meta’s broader monetisation strategy: “Social media platforms monetise our communications — our posts, likes and messages — so they can serve targeted advertising. And increasingly, companies like Meta are focusing on training AI models, for which messaging data can be extremely valuable.” Instagram has previously stated direct messages are not used to train AI. Meta declined to comment further, and Instagram boss Adam Mosseri declined to be interviewed.

The change affects Sri Lanka’s substantial Instagram user base alongside the global rollout. It comes a month after Meta told staff that clicks and activity on company work devices would be collected as AI training data, deepening unease among privacy researchers about the company’s data-sourcing trajectory.

Source: Newswire.