Meta says few users adopted encrypted Instagram messages, but privacy advocates warn the move could reshape how personal data, AI systems, and online safety operate on the platform.
As of May 8, end-to-end encryption is no longer available on direct messages on Instagram.
Meta, in announcing the policy reversal, said it had been done so because few people used the feature. But this has raised questions about its impact on user privacy and whether it will improve child safety on the platform.
Instagram has long been a focal point for discussion about online safety – whether in relation to body image concerns, cyberbullying or sexual extortion. This policy change by Meta directly affects how safety and moderation are implemented in private messages.
This is important considering research has found that perpetrators first contacted roughly 23% of Australian sexual extortion victims on Instagram, the second most frequent method of contact, behind Snapchat (at 50%).
What is end-to-end encryption?
End-to-end encryption is a way of scrambling a message so only the sender’s and recipient’s devices can read it. The platform carrying the message, in this case Instagram, can’t access it.
This same technology is present by default on WhatsApp, Signal, iMessage, and (since late 2023) Facebook Messenger.
Meta’s CEO Mark Zuckerberg first promised to bring end-to-end encryption across Meta’s messaging products back in 2019, under the slogan “the future is private.”
Instagram tested encrypted direct messages in 2021. It rolled them out as an opt-in feature in 2023.
End-to-end encrypted direct messages never became the default, and the low adoption rate of opting in to use the feature is Meta’s justification for removing it. As a spokesperson told The Guardian:
There is a circular logic to this: Meta has killed off a feature it buried so deep that most users never knew it existed, then cited low usage as the reason for its removal.
What does this mean for Instagram users?
In practical terms, every message you send on Instagram now travels in a form Meta can read.
Meta’s privacy policy lists the content of messages users send and receive among the data it collects. In principle, this enables the company to use this data to personalize features, train artificial intelligence (AI) models, and deliver targeted advertising.
While Meta has publicly committed not to train its AI models on private messages unless users actively share them with Meta AI, it has made no equivalent public commitment about advertising.
That leaves open the possibility that Meta could use unencrypted Instagram direct messages for ad targeting. And without encryption, Meta’s AI commitment is now backed by policy alone, not by the technology itself.








