Meta Shuts Down End-to-End Encryption for Instagram Messaging

Meta's abrupt reversal of end-to-end encryption for Instagram Direct Messages marks a significant blow to user privacy: the platform now stores and scans previously encrypted content in plaintext, undermining the security guarantees of the Signal Protocol, a widely adopted cryptographic standard. This change affects over 2 billion monthly active users, compromising the confidentiality of their private communications. The move has sparked widespread criticism from security experts and advocacy groups.

Meta has removed end-to-end encryption from Instagram Direct Messages, reversing a security feature that was previously rolled out to over 2 billion monthly active users. The change means that Instagram now stores and scans message content in plaintext, effectively nullifying the privacy guarantees provided by the Signal Protocol, a widely adopted cryptographic standard.

Overview

End-to-end encryption (E2EE) ensures that only the sender and recipient can read message contents—not the platform itself. Meta had gradually introduced E2EE for Instagram DMs starting in 2023, using the same Signal Protocol that powers WhatsApp and Signal. The company now states that it has disabled this encryption for Instagram messaging, citing unspecified operational or safety reasons. The move affects all Instagram users globally, though the exact timeline of the rollback has not been detailed.

What changed

  • Instagram DMs are no longer encrypted end-to-end. Messages are now stored on Meta's servers in plaintext, allowing the company to scan content for policy violations, advertising targeting, or other purposes.
  • The Signal Protocol, which was previously integrated into Instagram's messaging infrastructure, has been deactivated. This protocol is the same cryptographic standard used by WhatsApp, Signal, and other secure messaging apps.
  • Meta has not provided a public technical explanation for the reversal, nor has it disclosed whether users will be notified of the change.

Tradeoffs

  • Privacy vs. moderation: Meta has long argued that E2EE hinders its ability to detect illegal content, harassment, and spam. Removing encryption allows automated scanning but also exposes private conversations to the company and potential third parties.
  • User trust: The reversal undermines the privacy commitments Meta made when it initially rolled out E2EE. Users who relied on the encryption for sensitive communications now have no guarantee of confidentiality.
  • Security implications: Without E2EE, Instagram DMs are exposed to access by Meta, to law enforcement requests, and to potential data breaches. The Signal Protocol's mathematical guarantees are replaced by Meta's internal access controls.

When to use it

This change is not a feature—it is a removal. Users who require end-to-end encryption for private messaging should consider alternatives:

  • Signal: Free, open-source, and uses the same Signal Protocol with no plaintext storage.
  • WhatsApp: Still uses E2EE by default, though it is owned by Meta and has faced scrutiny over metadata collection.
  • Telegram: Offers E2EE only in "Secret Chats"; regular chats are not encrypted end-to-end.
  • iMessage: E2EE for Apple-to-Apple communications, though backups may not be encrypted.

Bottom line

Meta's decision to remove end-to-end encryption from Instagram DMs is a significant step backward for user privacy. For over 2 billion users, private conversations are now stored in plaintext and subject to scanning. If you need confidential messaging, Instagram is no longer a viable option—switch to a dedicated encrypted service.
