The end of encrypted DMs? Why Instagram is rolling back its biggest security feature


In just a few weeks, Meta’s Instagram will officially stop supporting end-to-end encryption (E2EE) on messages. The company claims the decision stems from low adoption rates.

However, privacy advocates I’ve spoken to argue that E2EE is an essential tool that should have been enabled by default.

The move follows TikTok’s recent announcement that it will not introduce E2EE, claiming the technology puts users at risk. Together, these decisions could mark a significant shift in how tech giants approach digital privacy.

What is end-to-end encryption and why is it important?

At its core, E2EE is the process of cryptographically altering data so a message can only be read by the sender and the recipient. This prevents the platform you’re using — or anyone who manages to intercept the data — from deciphering the contents of your messages.

Privacy advocates have long heralded the use of E2EE as a pivotal way of defending our privacy.

Privacy International’s analysis highlights the many ways E2EE helps protect us, including protection from criminals who want to snoop on our messages and protection from government surveillance.

Technology Lead at Privacy International, Christopher Weatherhead, told TechRadar that E2EE is “essential both to fundamental human rights and to everyday life.

“With many people reliant on tech giants to provide encrypted servers, these companies have a responsibility to implement it in a secure, reliable way that puts people first.”

E2EE is not a silver bullet, however, and there are still ways your messages can be monitored. For example, the widespread use of digital forensics tools by law enforcement means authorities can often access your messages without even needing your login credentials.

Similarly, highly sophisticated spyware solutions — such as NSO’s Pegasus — bypass E2EE protections by operating at the OS (operating system) level. Effectively, the spyware controller gains full access to your device as if they were hovering over your shoulder watching every swipe and keystroke.

Just last week, reports surfaced that messages on Signal — widely regarded as the most secure messenger available — were recovered by investigators from an iPhone’s notification database, where message previews had persisted even after the app was deleted.

Ultimately, encrypted messages are far more secure than unencrypted ones. But they are not designed to be — nor can they ever be — entirely impenetrable.

Meta's stance on E2EE

Meta first began experimenting with E2EE on Instagram years ago. In a 2022 post, the company was explicit about the technology’s importance, stating that E2EE allows people to “trust that their online conversations with friends and family are private and secure.”

However, in an abrupt change of heart, the company now says the feature is being canned due to a lack of adoption.

A Meta spokesperson told TechRadar: “Very few people were opting in to end-to-end encrypted messaging in DMs, so we're removing this option from Instagram in the coming months. Anyone who wants to keep messaging with end-to-end encryption can easily do that on WhatsApp.”

While Meta's official line is low adoption, the move follows years of sustained pressure from child safety groups and law enforcement that’s hard to ignore. Critics of E2EE have claimed the technology makes tackling abuse online more difficult as it prevents the platform from easily screening messages.

Privacy advocates say the feature’s low adoption rate was a self-fulfilling prophecy due to the way E2EE was rolled out in the first place.

Weatherhead says “it was a poor implementation from a user experience perspective, so low adoption is a poor justification for scrapping it.” Thorin Klosowski, a security and privacy activist at the Electronic Frontier Foundation (EFF), agrees, saying the situation is a “pretty clear example of just how much defaults matter.”

“The low adoption likely has nothing to do with what people want or even expect,” Klosowski told me. “I’d venture a guess that most people had no idea their Instagram DMs weren’t private to begin with.”

“Our messages should be protected with end-to-end encryption without requiring us to opt into the feature,” he added.

What next for our private messages?

While Meta continues to support E2EE on Messenger and WhatsApp, the ramifications of its Instagram retreat will be far-reaching.

We're unlikely to see a mass exodus of users, but the decision means those who relied on the technology — including journalists contacting sources, the LGBTQ+ community in restrictive regions, or political dissidents — will lose a vital layer of protection overnight.

And it isn't just Instagram users who will be impacted. When a giant like Meta shifts its stance on security and privacy, the entire industry takes note.

Combined with TikTok’s recent move to cite user safety concerns as the reason for avoiding E2EE, there is a genuine risk of a domino effect. If the world’s most dominant platforms won't commit to default encryption, emerging rivals may decide the resources required to implement it simply aren't worth the investment.

At a time when the (admittedly false) dichotomy between online safety and digital privacy is being debated more fiercely than ever, Meta’s retreat adds fuel to the narrative that encryption is a threat to be managed rather than a right to be protected.

For authoritarian regimes, hackers, and data brokers looking for easier access to private conversations, the news couldn't be better.

Will the average Instagram user care? Probably not. But for those who value digital privacy — and especially those at risk of increased surveillance — this is a dramatic and potentially dangerous shift that could eventually impact us all.

Samuel Woodhams
VPN Managing Editor, TechRadar

Sam is VPN Managing Editor at TechRadar. He has worked in the VPN industry since 2018 and has previously written for CNN, Al Jazeera, WIRED, and Deutsche Welle as a freelance journalist. He focuses on VPNs and digital privacy, cybersecurity and internet freedom.

Before joining TechRadar, Sam carried out research on global digital rights issues at Top10VPN. His research has been cited by the United Nations and UK Parliament, as well as publications such as The Guardian, Washington Post and BBC.
