preloader

· privacy security social-media

Instagram Quietly Removed End-to-End Encryption from Direct Messages on May 8

Source: Help Net Security

Instagram removed the option for end-to-end encrypted direct messages on May 8, 2026. Meta introduced optional E2E encryption for Instagram DMs in 2023, but on March 2026 quietly updated a help page to indicate the feature would be discontinued on May 8. The official explanation is low uptake: a Meta spokesperson said that very few users were choosing to enable encryption, making the investment in maintaining the feature difficult to justify.

The practical consequence is that Meta now has technical access to the full content of Instagram direct messages, including text, images, videos, and voice notes. This was always the case for the majority of Instagram conversations that were never encrypted, but the removal closes off the option entirely for users who had chosen to protect their communications.

The timing has attracted attention from security researchers and legal analysts. The feature was removed 11 days before the Take It Down Act came into force in the United States on May 19, 2026. The act requires online platforms to detect and remove non-consensual intimate imagery, including AI-generated deepfakes, within 48 hours of receiving a takedown notice. Compliance with detection requirements of that kind is technically simpler when a platform retains access to message content. Meta has not publicly connected the two events.

For organisations and individuals who were using Instagram’s encrypted messaging for any purpose that involved sensitive information, whether internal communications, client conversations, or media contact, the removal is a signal to reassess the platform’s suitability for that use case. Consumer social platforms are not purpose-built for confidentiality, and their privacy properties can change with little notice and limited recourse.

The broader question this raises for businesses is whether they have a clear policy on which platforms employees and teams are permitted to use for which categories of conversation, and whether those policies account for the possibility that privacy features can be removed without meaningful warning. The Instagram situation is not the first time this has happened and is unlikely to be the last.

If you want to review your organisation’s communications security posture or build a practical policy that protects sensitive information without restricting normal business operations, contact Excello Digital and we can help you put the right framework in place.

Back to news

We’ll help you resolve your infrastructure challenges

Our team of experts is ready to help you with your infrastructure challenges. We’ll give you honest and personal treatment. Get in touch to learn more.

Get in touch!