Meta has made it official: Instagram direct messages will lose their end-to-end encryption protection starting May 8, 2026. The company communicated the change through its help page and an updated 2022 post rather than through any prominent announcement. For the platform’s enormous global user base, the change fundamentally alters the privacy status of every private message sent through the app.
This is not the first time Instagram’s approach to user privacy has generated controversy. Meta CEO Mark Zuckerberg promised in 2019 that all Meta messaging platforms would eventually use end-to-end encryption. The feature took four years to arrive on Instagram, and when it did in 2023, it was available only to users who actively chose to enable it. The decision to now reverse the feature follows years of institutional opposition from law enforcement and child protection organizations.
Meta has explained the reversal by pointing to very low usage data. Only a small percentage of Instagram users ever activated the encrypted messaging option, the company says. For anyone who requires encryption, Meta is directing them toward WhatsApp, which offers encryption as a standard feature.
The reaction from privacy professionals has been largely negative. Commentators note that opt-in privacy features inherently struggle with low adoption, and that blaming users for not using the feature is intellectually questionable. The deeper concern is commercial: with encryption removed, Meta gains the ability to access private message content that could theoretically be used to strengthen its advertising and AI systems.
The situation underscores a structural vulnerability in voluntary privacy protections. When a company can remove a feature simply by citing low uptake, users have very limited recourse. For advocates, this highlights the urgent need for legislative frameworks that prevent companies from reversing established privacy commitments without regulatory oversight.