One of the world’s most popular social media platforms is walking away from its parent company’s biggest privacy promise. If you use Instagram to send private messages, something important changed on May 8, 2026, and the chances are you did not get a notification about it. However, the company did make a public announcement on what is happening. In this article, we are explaining:
- What is changing
- What is end-to-end encryption technology
- How this technology works and what other apps and platforms offer this
- What does this mean for your DMs
To understand why this matters, and what it actually means for your messages, it helps to start at the beginning.
Instagram switches off end-to-end encryption for direct messages
Instagram is pulling the plug, essentially switching off end-to-end encryption for direct messages (DMs). A privacy feature that Meta – Instagram’s parent company – spent years developing, defending and promising to its users is being removed. This means, your Instagram DMs are no longer protected by one of the most secure form of digital messaging available. The company updated its terms and conditions in March with the following line:“End-to-end encrypted messaging on Instagram will no longer be supported after 8 May 2026. If you have chats affected by this change, you will see instructions on how to download any media or messages you may wish to keep.”The company, however, did not reveal the reason for turning off the DMs. The decision represents a rollback for Meta that has backed for years. Back in 2019, the company made a very public pledge to bring end-to-end encryption to messaging across both Facebook and Instagram, with then-CEO Mark Zuckerberg declaring that “the future is private.” The company spent years working through the considerable technical challenges of implementing the technology at scale. It completed the rollout on Facebook Messenger in 2023 and later made the feature available as an option on Instagram, with plans to eventually make it the default.
What is end-to-end encryption
When you send a message using standard encryption, your message is protected while it travels between your device and the app’s servers but once it arrives at those servers, the company operating the platform can may have access to and read its contents. The message is secure in transit, but not necessarily private from the platform itself.End-to-end encryption, often abbreviated as E2EE, works differently. With E2EE, a message is encrypted on your device before it leaves, and it can only be decrypted on the recipient’s device. At no point in between – not on the servers, not in the company’s data centres, not anywhere along the route – can anyone other than the sender and the recipient read the message. Not the platform. Not law enforcement, unless they physically access one of the devices. Even hackers who might intercept the data in transit.For private conversations, including personal matters, sensitive disclosures, confidential information, that distinction is significant.
How end-to-end encryption works
The technicality of E2EE involve something called public-key cryptography. When you use an E2EE messaging system, your device generates two mathematically linked keys: a public key and a private key. Your public key is shared openly, anyone can use it to encrypt a message to you. Your private key stays on your device and never leaves it.
When someone sends you a message, their device uses your public key to encrypt it. The encrypted message travels across the internet, and when it arrives on your device, your private key decrypts it. At every point between sending and receiving, the message is scrambled in a way that is computationally impossible to crack.“End-to-end encrypted messages and calls ensure only you and the people you’re communicating with can see or listen to what is sent, and no one else, not even Meta, can do so. Keep in mind, for reporting and optional features, you or someone in the chat may still choose to share messages with Meta,” Meta explains.
Which apps and platforms offer end-to-end encryption
End-to-end encryption is not unique to Instagram. The technology has become the standard for dedicated messaging apps, and several major platforms continue to offer it. Here is where things stand:Apple iMessage uses end-to-end encryption for messages between Apple devices. When a message goes to a non-Apple device, it falls back to standard SMS, which is not encrypted in the same way.Signal is widely regarded as the gold standard for private messaging. End-to-end encryption is on by default for all messages, calls and file transfers. WhatsApp, also owned by Meta, uses end-to-end encryption by default for all messages and calls. Google Messages offers end-to-end encryption for RCS messages between users who both have the feature enabled.Facebook Messenger completed its E2EE rollout in 2023 and currently offers end-to-end encryption by default, making it another Meta product that retains the feature.Telegram offers E2EE through its “Secret Chats” feature, but standard Telegram chats are not end-to-end encrypted. Snapchat uses end-to-end encryption for direct message photos and videos, and has previously said it plans to extend it to text messages.Discord has announced plans to make voice and video calls end-to-end encrypted by default, though this has not yet been fully implemented.X (formerly Twitter) offers a similar system for direct messages but there have been criticism over the standards set by dedicated E2EE implementations.
What does this mean for your Instagram DMs
In practical terms, the removal of end-to-end encryption from Instagram direct messages means that your messages may be accessed by third party or hackers. That includes text messages, images, videos, and voice notes sent through the app’s DM system. With standard encryption, the content of your messages is visible to the platform once it reaches Meta’s servers. Your conversations are no longer sealed from the company that operates the platform you are using to have them.Users who have been using Instagram DMs to share sensitive personal information, discuss health matters, share financial details, or simply have conversations they considered private, the change is meaningful.Meanwhile, the removal of E2EE may be welcomed by children’s charities and safeguarding organisations, who have long argued that end-to-end encryption makes it harder for authorities to detect the spread of harmful and illegal content, including child abuse material. Their position is that platform visibility into messages is a necessary tool for protecting vulnerable people online. Privacy advocates, however, argue that removing E2EE does not just expose bad actors, it exposes everyone.
What should you do now
If Instagram DM privacy matters to you, you must move sensitive conversations to a platform that still offers end-to-end encryption by default.WhatsApp, despite being owned by the same parent company, currently retains E2EE for all messages. Signal remains the most privacy-focused option available, with no advertising business model and encryption on by default for everything. Apple iMessage offers strong protection for conversations between Apple users.
How to download your data from Instagram
Users can download a copy of all their end-to-end encrypted messages at any time if they’ve turned secure storage on in Instagram. Data in end-to-end encrypted messages can include:
- Messages that one has sent and received from other people.
- Attachments, such as files, images and other media that you’ve sent and received.
Click Menu in the bottom left, then click Your activity.- Click Download end-to-end encrypted data at the bottom, then click Next.
- If your device isn’t authenticated, you may need to enter your PIN.
- Enter your Instagram account password and click
Request download. - The download will happen in the browser once your file has been prepared.
