Instagram’s Failed Encryption Promise: What Happened and Why It Matters
Instagram recently discontinued its optional end-to-end encryption (E2EE) feature for direct messages, a move that puzzled privacy advocates. This decision came years after Meta promised to make E2EE the default across its platforms. In this Q&A, we unpack what Instagram did, why Meta claims it was necessary, and what this means for user privacy—especially when compared to competitors like Apple, Google, and Signal.
1. What exactly did Instagram do with its end-to-end encryption feature?
Instagram stopped offering an opt-in end-to-end encryption option for its direct messages. This feature was rarely used—according to Meta—because users had to manually enable it through a four-step process that was not widely known. By removing it, Instagram now only provides standard encryption in transit (not end-to-end) for DMs, meaning Meta could potentially access message content. The decision effectively ends a long-standing promise to bring strong encryption to all Meta messaging services.
2. Why did Meta claim they removed the feature, and is that reason valid?
Meta stated that “very few people were opting in to end-to-end encrypted messaging in DMs,” suggesting low user demand. However, this explanation overlooks how defaults influence behavior. Making E2EE an obscure, multi-step option practically guaranteed low adoption. Privacy experts argue that if Meta truly valued private communication, it would have made E2EE the default, as it has on WhatsApp. Blaming users for not jumping through hoops is seen as a way to sidestep the technical and business challenges of implementing widespread encryption.
3. What exactly had Meta promised earlier about encryption?
In a 2022 white paper, Meta said: “We want people to have a trusted private space that’s safe and secure, which is why we’re taking our time to thoughtfully build and implement e2ee by default across Messenger and Instagram DMs.” In 2023, Meta bragged about encrypting Messenger and teased that Instagram was next. These statements created an expectation that Instagram would follow suit. Instead, the company quietly dropped the opt-in feature without ever rolling out default encryption, breaking a clear public promise.
4. What does Meta recommend instead of using encrypted Instagram DMs?
Meta directs users who want end-to-end encryption to use WhatsApp, which has offered E2EE by default since 2016. While WhatsApp is also owned by Meta, this strategy fragments secure communication: people must switch apps to get privacy. Critics argue this undermines Meta’s stated goal of providing a “trusted private space” across all its platforms. If Meta truly cared, it would meet users where they already are—on Instagram and Messenger—rather than forcing a migration to a separate service.
5. How does Instagram’s decision compare to actions by other tech companies?
Other companies are moving in the opposite direction. Google and Apple are collaborating to add end-to-end encryption to the Rich Communication Services (RCS) standard, which would protect billions of text messages by default. Signal continues to refine its open-source app, making encrypted communication simpler and more accessible. Instagram’s retreat stands in stark contrast to these proactive steps. While Meta blames users for low opt-in rates, competitors are making encryption invisible and automatic—proving that strong privacy protections are achievable when prioritized.
6. What lessons can users learn from Instagram dropping its encryption feature?
First, opt-in features that require extra effort rarely succeed—defaults matter immensely. Second, tech companies’ public promises about privacy are not always backed by action; features can be abandoned quietly. Third, even when a company points to another service (like WhatsApp), it may not indicate a genuine commitment to privacy across its ecosystem. Users should demand that strong encryption be the default, not an afterthought, and consider using independent, open-source apps like Signal for truly private conversations.
7. What does this say about the broader issue of broken tech promises?
Meta’s move is part of a pattern where companies make grand privacy pledges but fail to deliver. Because broken promises are rarely officially revoked—they just fade away—users often forget. Instagram’s case is unusual because Meta explicitly stated it would stop supporting the feature. Yet this honesty is small comfort. It highlights a systemic problem: without regulatory pressure or user backlash, platforms have little incentive to invest in complicated, privacy-first features. The result is a slow erosion of the private communication tools we were once promised.