Meta Ends End-to-End Encrypted Chats on Instagram DMs
Meta said it will discontinue end-to-end encryption (E2EE) for Instagram direct messages after May 8, 2026, reversing an earlier privacy push that began with testing in 2021 and a limited rollout in 2023. The feature was never enabled by default, remained available only in some regions, and Meta said adoption was low. Users with affected encrypted chats are being told to download messages and shared media before the cutoff, and some may need to update the Instagram app to export that data.
The change means Instagram DMs that had been protected by E2EE will revert to a standard format accessible to Meta for moderation and other internal purposes. Reporting also notes broader tension around encrypted messaging: privacy advocates and researchers criticized the rollback as a retreat from user privacy, while child-safety and law-enforcement voices have long argued that E2EE can hinder detection of CSAM, terrorist content, and other abuse. The move follows years of debate inside and outside Meta over whether stronger message privacy should outweigh platform safety and compliance concerns.
Timeline
Mar 16, 2026
Meta starts notifying users to download encrypted Instagram messages
Meta began showing in-app notifications and updating Instagram help documentation to tell affected users to save or download messages and media before encrypted chats are removed. Some users may need to update the Instagram app to access the export guidance.
Mar 13, 2026
Meta announces Instagram encrypted chats will end on May 8, 2026
Meta announced in March 2026 that Instagram will discontinue support for end-to-end encrypted chats after May 8, 2026, citing very low adoption. The company directed users who want encrypted messaging to WhatsApp instead.
Dec 1, 2023
Instagram formally rolls out opt-in encrypted DMs in select regions
In late 2023, Meta formally rolled out Instagram's end-to-end encrypted direct messaging as an opt-in feature in select regions. It still was not made the default for all users.
Feb 1, 2022
Meta expands Instagram encrypted messaging to adults in Russia and Ukraine
In February 2022, Meta expanded Instagram's encrypted direct messaging capability to adult users in Russia and Ukraine during the Russo-Ukrainian war. This marked a broader regional availability of the optional feature.
Jan 1, 2021
Instagram begins testing end-to-end encrypted direct messages
Instagram first tested end-to-end encrypted direct messaging in 2021 as part of Meta's broader privacy-focused messaging strategy. The feature was limited, optional, and not enabled by default.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
2 more from sources like cyber security news and the hacker news
Related Stories
Meta Removes End-to-End Encryption for Instagram Direct Messages
Meta said it will discontinue Instagram’s optional end-to-end encrypted direct messages on **May 8, 2026**, ending a feature introduced in 2023 after reporting that few users enabled it. After the cutoff, Instagram DMs will rely on standard transport encryption instead of end-to-end encryption, allowing message content to be decrypted on Meta’s servers. Users with existing encrypted threads are being notified to save or export content they want to keep before the feature is turned off, and Meta has pointed privacy-conscious users toward **WhatsApp** for encrypted messaging. The change has triggered criticism from privacy advocates, who warn that server-readable messages expand the risk surface for breaches, internal access, moderation scanning, and legal disclosure. Reports also say the move could make private message content more available for automated processing and other internal uses, though Meta’s public rationale focused on low adoption and operational needs rather than explicitly confirming advertising or AI training. The decision also contrasts with earlier public commitments by Meta leadership favoring broader deployment of private, encrypted communications.
Today
Meta Expands Safety and Enforcement Measures Across Facebook and Instagram
Meta disclosed a set of new **platform safety and enforcement actions** aimed at reducing harm and abuse on its services. The company filed multiple lawsuits against alleged scam-ad operators in **Brazil, China, Vietnam** and elsewhere, describing tactics including **deepfakes/celebrity impersonation**, “celeb-bait” investment lures, and **cloaking** used to evade ad review; Meta said it also took technical steps such as disabling accounts, suspending scam-linked payment methods, and blocking associated domains, and shared information with industry partners to help them block the same actors. Separately, Meta announced new **Instagram parental-supervision alerts** that notify parents when a teen repeatedly searches for **self-harm or suicide-related terms** within a short time window (initially for supervised accounts in the **U.S., U.K., Australia, and Canada**), and said it is developing similar notifications for teens’ **AI-related conversations** about self-harm. In parallel regulatory developments, EU lawmakers advanced a non-binding opinion supporting **privacy-friendly age verification** and proposing restrictions that would require **parental consent for under-16s** and bar access for children under 13, positioning these measures for potential inclusion in a future **Digital Fairness Act** focused on child protection online, targeted advertising, and addictive design patterns.
1 months ago
Meta Expands AI-Driven Anti-Scam Protections Across Facebook, Messenger, and WhatsApp
Meta announced expanded anti-scam measures across **Facebook**, **Messenger**, and **WhatsApp**, emphasizing AI-driven detection of impersonation, deceptive links, and other fraud patterns, alongside new user-facing warnings intended to interrupt scams earlier in the interaction. Updates include Facebook alerts for suspicious friend requests, WhatsApp warnings for potentially fraudulent device-linking attempts (e.g., QR-code based linking), and Messenger prompts that can offer an AI scam review of recent chat content; Meta also said it is expanding advertiser verification to reduce identity misrepresentation in ads. Separately, Meta described enforcement at scale, reporting the removal of **159 million scam ads in 2025** and **10.9 million** Facebook/Instagram accounts tied to criminal scam centers, amid ongoing scrutiny from US lawmakers and reporting that has questioned the platform’s financial incentives to police fraudulent advertising. Meta also highlighted collaboration with law enforcement targeting “industrialized” scam operations, including actions tied to Southeast Asian scam compounds that resulted in **21 arrests** and the disabling of **150,000+ accounts**, as well as broader efforts to counter “pig-butchering”-style investment fraud. Complementing these initiatives, Meta detailed a privacy-preserving *Messenger* capability—**Advanced Browsing Protection (ABP)**—that warns users about potentially malicious websites opened from encrypted chats by using cryptographic/private-information-retrieval techniques to check links against large blocklists without revealing message contents to Meta. In parallel reporting on the scam ecosystem, researchers described a large network of **paid Meta ad** campaigns using fake media brands and impersonated public figures to push investment scams across dozens of countries, underscoring the continued role of malvertising and disinformation-for-profit tactics in driving victim acquisition.
1 months ago