- Meta has disabled end-to-end encryption for Instagram direct messages and calls globally.
- The company cites low adoption, but the change opens the door for Meta to monitor and analyze chat content.
- The measure comes amid strong regulatory and child protection pressures in the United States, the European Union and other countries.
- Privacy experts recommend migrating sensitive conversations to apps like WhatsApp, Signal, or Telegram's secret chats.
If you are one of those who use the Instagram direct messages as if it were a chat Beyond the everyday routine, there's a new development that completely changes the game. Starting this Friday, May 8, 2026, Meta has decided to remove end-to-end encryption (E2EE) from Instagram DMs, a measure that affects both messages and calls within the app.
This shift implies a clear setback in platform privacyFrom now on, chats will no longer have that extra layer of protection that prevented anyone, not even Meta, from reading their content. This decision has technical, legal, and also very practical implications for millions of users in Spain and Europe who use Instagram as their main means of informal communication.
What was end-to-end encryption on Instagram and how did it work?
El End-to-end encryption is a cryptographic technology Designed so that only the sender and recipient of a message can read or listen to it. When active, the message is locked on your mobile device with a unique key and can only be unlocked on the recipient's device. Neither the platform, nor your internet provider, nor any third party intercepting the connection has access to the content.
On Instagram, this protection was introduced as optional feature in December 2023 For direct messages and calls. It wasn't enabled by default, it wasn't available in all regions at once, and to top it all off, it was quite hidden in the settings. In practice, only those explicitly concerned about privacy ever bothered to enable it.
Meta clearly defined the system in its help center: with E2EE, “Only you and the people you communicate with can see or hear what is sent, and no one else, not even Meta, can.”That promise has been broken: encrypted messages will no longer be accepted after May 8, 2026, and the company has urged users to download any encrypted history they wish to keep.
It's important not to confuse this with other functions such as Temporary messages that disappear after being viewedJust because something disappears from the recipient's screen doesn't mean it traveled encrypted to get there. They are different mechanisms, and with the withdrawal of E2EE, this confusion becomes even more dangerous.
What changes from May 8, 2026
From May 8, All direct messages and calls on Instagram will now function as standard chats without end-to-end encryption.This means that the content of the conversations becomes technically accessible again to Meta and, if necessary, to the authorities through the appropriate legal channels.
On its support page, Instagram warns that “End-to-end encrypted messaging on Instagram will no longer be supported after May 8, 2026”The app displays alerts and specific steps for users with encrypted DMs to download their messages and media files before they become unavailable on the platform.
For the average user, what changes is the actual level of privacy when writing in DMsPreviously, although not everyone had it enabled, it was possible to protect sensitive chats. Now, that option is gone. Any message sent from this date forward will be treated as a regular message that the company can process and store.
There is an important nuance: if You never manually enabled encryption on your account.You've been using direct messages without that extra protection since 2023. In your specific case, the daily experience hardly changes, but the option to take a security step when you want to have a truly private conversation disappears.
For those who did activate E2EE, the loss is more obvious: Instagram will no longer be able to display previous encrypted messages within the app once the withdrawal process is complete. Hence Meta's insistence that you download your history if you want to save it outside the platform.
Meta's explanations: low adoption, pressures, and official discourse
Meta has offered a rather brief public justificationIn various statements to the media and in its official documentation, the company repeats the same argument: “Very few people were activating end-to-end encrypted messaging in direct messages, so we are removing this option from Instagram. Anyone who wants to continue sending messages with end-to-end encryption can easily do so on WhatsApp.”
The critical reading by privacy experts is that It's not the same thing for few people to use a feature as it is for few people to want it.The encryption was never enabled by default, never prominently promoted, and its configuration was so buried that many people didn't even know it existed. Building an invisible feature, measuring that almost no one uses it, and then removing it due to lack of use is a line of reasoning that generates considerable skepticism.
There is also a political and regulatory context that helps to understand the decision. The withdrawal of the E2EE It comes just 11 days before the Take It Down Act comes into effect in the United States.This regulation requires platforms to detect and remove non-consensual intimate images within 48 hours, including those generated by artificial intelligence. To comply with such a regulation, the company needs to be able to scan the content, which is impossible with strict end-to-end encryption.
Added to this are Years of pressure from governments and security forces in the US, UK, the European Union, and Australia as well as child protection organizationswho believe that E2EE hinders the fight against child sexual abuse, harassment of minors, or terrorism. In the case of Instagram, whose The audience is younger than on other platforms, these pressures have been especially intense.
In fact, international media have revealed that the introduction of encryption caused internal frictions within MetaSome executives even called the measure "irresponsible" because it prevented them from monitoring criminal activity. The rollout of E2EE slowed down, was tested on a limited basis starting in 2021, and was never fully implemented on a large scale at Instagram.
What can Meta do now with your messages?
Without end-to-end encryption, the scenario changes completely: Meta regains technical capacity to read and process the content of direct messagesThat doesn't mean there are people manually reviewing chats, but it does open the door to several automated uses that were previously unfeasible.
Among the uses that various technical sources and legal documents consider possible are the automatic scans to detect prohibited content (for example, child abuse material, direct threats or clearly criminal activities), as well as cooperation with judicial investigations by handing over the full content of the conversations under order.
The option of training artificial intelligence models and tailor personalized advertising. Meta hasn't explicitly confirmed that it will leverage Instagram DMs for these purposes, but the company has already warned its own employees that their interactions on corporate devices will be used to train its AI systems, and that approach fits with its overall strategy.
In practice, any message, photo, video, or voice note you send via Instagram becomes potentially accessible to the company's algorithmsThis change breaks with the idea, often repeated in recent years, that "the future is private," a slogan with which Meta itself defended its decision in 2019 to encrypt communications on Facebook, Messenger, and Instagram after controversies such as the Cambridge Analytica case.
Another factor to consider is the risk of third parties. If messages are not end-to-end encrypted, the attack surface increases.: A security breach on the serversA data breach or internal misuse can have more serious consequences than when information is end-to-end encrypted and the company itself does not have the key.
Arguments for and against: privacy versus child safety
Meta's decision has polarized reactions. Child protection organizations and some police forces They welcome the end of E2EE on Instagram, understanding that it facilitates the detection and removal of abusive content, especially that related to minors, and allows for faster action against bullies or organized networks.
On the other hand, privacy advocates, technology journalists, and digital rights experts They believe this sets a dangerous precedent. They emphasize that it is the first time a major messaging platform has taken such a clear step backward in encryption, just when the general trend seemed to be moving in the opposite direction.
The main argument of these groups is that The disappearance of E2EE structurally weakens the protection of private communicationsIn his view, allowing platforms to analyze messages in order to prosecute crimes opens the door to abuses, creates new commercial temptations, and could end up normalizing mass surveillance that is difficult to reverse.
In Europe, this debate is linked to other ongoing discussions, such as proposals for to require encrypted services to scan messages for child abuseBoth in Spain and in the rest of the EU, the authorities try to balance the fight against crime with respect for the confidentiality of communications, a fundamental right enshrined in various legal texts.
What does seem clear is that Meta's move sends a message to the sector: End-to-end encryption is no longer untouchableWhat for years was presented as the minimum security standard in messaging is beginning to be seen, in certain contexts, as a negotiable element.
How to download your encrypted messages before they disappear
For those who did activate end-to-end encryption on Instagram, it's important Act before the old encrypted chats become unavailable within the app. The platform itself displays notifications in the affected conversations, with a direct link to the download process.
If you don't see the warning, the first recommended step is Update the Instagram app to the latest version from your mobile app store. Some download features only appear once the app is up to date, so it's best not to leave it until the last minute.
Next, you'll need to go into your direct message settings and look for the option that allows download the encrypted messages and associated media files. The system will generate a file with your history that you can save to your device or the cloud, but it will no longer be accessible from Instagram as if it were a regular chat.
If in those conversations there is especially sensitive information (personal documents, bank details, private photos, etc.), the general recommendation is to remove it from there as soon as possible and store it securely in other more controlled services or devices, ideally protected by encryption and backups.
In any case, after the deadline, those encrypted conversations will cease to exist as such within Instagram. Only those who have completed the download process will retain a local copy of that content.
End-to-end encrypted alternatives to continue chatting securely
If confidentiality is non-negotiable for you, the wisest course of action is Migrate your sensitive conversations to applications that maintain E2EE as a core pillarThe good news is that in Spain and the rest of Europe there are widespread options that don't require convincing your entire circle to install an exotic app.
The most obvious alternative is WhatsAppAlso owned by MetaUnlike Instagram, the messaging app has had end-to-end encryption enabled by default since 2016 for all chats, calls, and video calls. There's no need to change any settings: every conversation between WhatsApp users is encrypted from beginning to end.
The problem with WhatsApp is that You need the other person's phone numberOne of the advantages of Instagram Direct was precisely the ability to message a content creator, a brand, or an acquaintance without having to exchange phone numbers. For those more casual interactions, WhatsApp doesn't completely replace Instagram's social functionality.
If you want to get out of the big corporations, Signal It has established itself as the benchmark for privacy. Using an open-source encryption protocol, the app is free, ad-free, and collects minimal user data. In Europe, it boasts a growing user base, particularly among groups that value digital security.
Another well-known option is TelegramHowever, there are important nuances here. Their standard chats are not end-to-end encrypted; instead, they are stored on the company's servers. To use E2EE encryption, you must open a "Secret Chat" with the other person from their profile, and only this type of conversation enjoys maximum protection and extra features such as automatic message deletion.
In the Apple ecosystem, iMessage It also appears to be a solid option: messages between Apple devices are end-to-end encrypted by default and integrated into the iPhone, iPad, and Mac experience. However, it has shortcomings such as the lack of usernames or a native message self-destruct system—limitations that Apple could address if it wants to capitalize on the privacy gap left by Instagram.
Finally, other platforms such as X (formerly Twitter) works on encrypted messaging systems based on usernamesThey are trying to combine a social layer with the protection of private chats. Currently, they are in the initial stages and require a certain degree of trust that the encryption promises will hold over time.
How the everyday use of Instagram as a messaging app is changing
Beyond the technical and legal aspects, Meta's movement forces Rethinking Instagram's role as a tool for private conversationsUntil now, many people in Spain used DMs almost as an informal substitute for WhatsApp: to comment on a story, share a meme, make a quick plan, or talk to someone you follow but whose phone number you don't have.
In that context, the general perception was that this space was “reasonably private”. With the elimination of the E2EE, that feeling of intimacy weakensNot because someone will manually read what you write, but because the technical guarantee that they cannot do so disappears.
The most sensible thing to do from now on is to clearly differentiate between casual conversations and truly sensitive communicationsFor the first point, Instagram remains convenient, fast, and well-integrated with the rest of the social network experience. For the second, using its DMs makes less and less sense.
The relationship of trust with the platform itself also changes. Many users wonder whether this decision can foreshadow future changes in other Meta productsEspecially on WhatsApp, where encryption is a key selling point. The company insists it doesn't intend to touch this pillar, but Instagram's reversal demonstrates that, if the regulatory context and commercial interests push it, end-to-end encryption may cease to be sacrosanct.
In short, Instagram's move marks a turning point in how we understand private conversations on social media. From now on, those who truly value privacy will have to to combine the social aspect of each platform with truly secure messaging toolsChoosing more carefully what is said and where it is said.
