A Silent End to Instagram’s Encrypted Messages
Instagram has quietly shut down its opt-in end-to-end encryption DMs feature, removing one of the few stronger messaging privacy features on a major social platform. After years of public assurances that secure, end-to-end encrypted messages would come to Instagram by default, the company has instead abandoned the effort. Meta had previously framed encryption as central to creating a “trusted private space” across Messenger and Instagram, and highlighted its progress encrypting Messenger chats. Yet rather than finishing the job on Instagram DMs, it has taken away the option entirely. For users, this means that private conversations on one of the world’s largest social apps are once again more exposed to platform access and potential misuse, undermining expectations set by Meta’s earlier commitments.
From Bold Promises to a Quiet Reversal
Meta’s reversal is especially striking when contrasted with its own words. In a 2022 white paper, the company said it was “taking our time to thoughtfully build and implement e2ee by default across Messenger and Instagram DMs,” presenting encryption as a core design goal rather than an afterthought. In 2023, Meta publicly celebrated the rollout of encrypted Messenger and hinted that Instagram would follow. Instead, the company now says “very few people were opting in to end-to-end encrypted messaging in DMs.” That explanation ignores how difficult the feature was to find and activate: it required an obscure four-step process that many users never discovered. By blaming low adoption, Meta sidesteps the fact that defaults shape behavior—and that it chose not to make strong security the default for Instagram messages.
Why Instagram’s Encryption Failed to Take Off
The demise of Instagram’s end-to-end encryption DMs highlights a fundamental design and product decision: privacy was treated as an advanced option, not a standard expectation. Because encrypted chats were opt-in only, hidden behind a multi-step setup, most users stuck with the familiar, unencrypted experience. This predictably low usage is now being used as justification to discontinue the feature, even though Meta controlled the very conditions that discouraged adoption. The company’s suggestion that users move to WhatsApp for secure messaging also reveals its platform priorities. If Meta truly wanted to offer safer conversations everywhere, it would bring robust encryption to wherever people already talk—Instagram, Messenger, and WhatsApp alike—instead of narrowing privacy to a single app and walking back its broader commitments.
A Growing Split in Messaging Privacy Strategies
Instagram’s retreat from encrypted messages lands just as other major players are doubling down on secure-by-default communication. Google and Apple are rolling out end-to-end encryption over Rich Communication Services (RCS), pushing carrier-grade texting toward a more private standard. Signal continues refining its app so that strong encryption comes built in, not bolted on. Against this backdrop, Meta’s decision to drop Instagram’s end-to-end encryption DMs—and its lingering delay on features like encrypted Facebook Messenger group chats—signals a different philosophy. Rather than treating encryption as a baseline, Meta is letting it fragment across products and rely on user effort. This divergence raises questions about whether Instagram privacy policy and product choices can keep pace with emerging norms that increasingly view default encryption as a non-negotiable feature.
What This Means for User Trust and Future Privacy
Removing Instagram’s encrypted DMs is more than a product tweak; it chips away at user trust in Meta’s long-term privacy commitments. When a platform loudly promises end-to-end encryption and later abandons it, people have little reason to believe future assurances about messaging privacy features. Users who rely on Instagram for sensitive conversations now have fewer protections and must juggle multiple apps to achieve the privacy once promised in a single ecosystem. The episode also offers a clear lesson for the industry: secure options that are hidden, complicated, or non-default are easy to sunset and even easier to blame on lack of interest. If companies genuinely value private communication, they must make the safest option the easiest one—and stick with it even when it is technically or politically challenging.