Meta can read your Instagram DMs from today
Instagram users are waking up to a major privacy rollback after Meta officially switched off end-to-end encrypted direct messages, giving the tech giant far greater visibility into private conversations shared across the app.
From today, users who previously enabled Instagram’s optional encrypted chats will lose access to the feature entirely, with all messages reverting back to standard encryption.
This means Meta can technically access message content when required, including text, voice notes, photos and videos shared through DMs.
The move marks a dramatic U-turn from Meta’s long-running push toward encrypted messaging.
Back in 2019, chief executive and tech tycoon Mark Zuckerberg declared that “the future is private” as the company pledged to expand end-to-end encryption across Facebook and Instagram.
While Facebook Messenger rolled out encryption more broadly in 2023, Instagram’s version remained an optional setting hidden behind additional menus, and Meta has now abandoned plans to make it standard.
“Seven years of Meta promising that ‘the future is private’ gone in a single quiet update”, said Matthew Hodgson, chief executive of secure messaging platform Element.
“Pulling the plug on Instagram encryption is a white flag to surveillance, and a gift to their own AI training sets.”
“Very few people were opting in to end-to-end encrypted messaging in DMs,” a company spokesperson previously claimed, when speaking to The Guardian. “Anyone who wants to keep messaging with end-to-end encryption can easily do that on Whatsapp.”
End-to-end encryption, also known as E2EE, makes sure just the sender and recipient can read a message, preventing even the platform hosting the chat from viewing the contents
Standard encryption still protects data while it travels across the internet, but allows the service provider to technically access material under certain circumstances.
Making encryption optional rather than default virtually guarantees low adoption rates in the first place. “The excuse of ‘low opt-in rates’ is a classic Big Tech distraction”, Hodgson argues.
“If the future were actually private, privacy would be the default, not a hidden setting Meta can delete when it suits its bottom line.”
Social media giant feels the squeeze
The timing of the privacy drawback will only intensify scrutiny, as regulators globally ramp up pressure on social media firms over fraud and online harm.
Social media platforms reportedly generated around £430m from scam adverts targeting British consumers last year alone, according to analysis cited by BrokerChooser, with the UK ranking as the second-highest exposure market globally for finance adverts on Meta platforms.
The research found more than a third of UK finance-related Meta ads were classified as “high-risk”, with many pushing users toward Whatsapp and Instagram conversations to avoid moderation systems.
Governments and child protection groups have also spent years warning that encrypted messaging makes it harder to abuse material and harmful content shared privately online.
The NSPCC welcomed Meta’s decision, arguing encryption can allow abuse to “go unseen”, while privacy groups accused the company of caving to regulatory pressure.
Zuckerberg’s empire also continues to face growing questions around how user data may eventually feed into AI systems.
Instagram has previously said direct messages are not used to train AI models, though campaigners warn the removal of end-to-end encryption lowers the technical barriers around data access significantly.