Security Bite: Your Instagram DMs were probably never encrypted in the first place

9to5Mac Security Bite is brought to you only Mosyle, the only Apple Unified Platform. Making Apple devices efficient and secure for business is what we do. Our unique integrated approach to management and security combines Apple’s modern security solutions with self-enforcement and fully automated compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Rights Management with the most powerful and modern Apple MDM on the market. The result is an automated Apple Unified Platform that is now trusted by more than 45,000 organizations to make millions of Apple devices work effortlessly and affordably. Ask for your FREE TRIAL today and understand why Mosyle is everything you need to work with Apple.

Meta quietly updated its Instagram Help Center recently announcing that end-to-end encrypted (E2EE) messages will no longer be supported on the platform after May 8, 2026. If you have encrypted conversations, you’ll want to export them before the deadline.

Corporate legal thinking: low adoption. “Very few people were entering encrypted messages at the end of DMs, so we’re removing this option from Instagram in the coming months,” said a Meta spokesperson. “Anyone who wants to save messages via E2EE can easily do so on WhatsApp.”

That explanation may technically be true, but it’s still a little hard to take seriously…

About Security: Security Bite’s weekly column and biweekly podcast is your deep dive into the evolving world of Apple security. Arin Waichulis is a third-year IT and security writer at 9 on 5 Mac. Here, Arin takes a closer look at the most important privacy and security topics to keep you better informed.

End-to-end encryption ensures that messages are encrypted on your device before they leave it. Only the devices on either side of the conversation hold the keys to decrypt, not the Meta or the bad actor. It’s one of the strongest privacy protections a messaging platform can offer, really.

Many reports have made it appear that this feature is enabled by default. That’s not the case. The user always had to manually go to the chat settings and change the end-to-end encryption. Personally, I didn’t know this was available on Instagram until this week. I doubt I’m in the same boat either.

In addition, Matthew Green, a cryptographer and professor at Johns Hopkins University, flagged this move publicly on X, pointing out that Meta previously made a public commitment to release E2EE as the default on Instagram, not just logging in. The company even went so far as to conduct a human rights impact assessment in 2022 and found that the expansion of end-to-end encryption supports a range of basic human rights.

Now, a few years later, that paper tiger commitment is being quietly reversed and duly called out.

The fact that Instagram never made it default, and now points to low opt-in rates as a reason to remove it entirely, is like a restaurant removing smoke detectors because they weren’t used enough.

What makes the timing even more remarkable is that in December 2025, Meta confirmed that interactions with its Meta AI tools within private conversations could be used for targeted advertising. Encrypted messages cannot be used for that purpose, because Meta cannot read them. Remove encryption, and that changes. Meta hasn’t publicly linked the two decisions, but the timing is worth dwelling on.

WhatsApp still has E2EE by default, and Meta was quick to point users there, it’s fine for now. But this week is a good reminder that privacy features on ad-supported platforms are no guarantee.

All in all, removing E2EE…is an option. But also one that just happens to be very good for the Meta business as a slow spinning ion cannon for data collection.

Unfortunately, I seriously doubt whether this week’s blowback will be enough to change Meta’s decision. Mostly, I saw encrypted messages through the company’s paywall behind its verified paid program, like X.

Follow Arin Waichulis: LinkedIn, Threads, X

Subscribe to the 9to5Mac Security Bite Podcast for biweekly in-depth interviews and interviews with Apple’s leading security researchers and experts: