Meta Shuts Down End-to-End Encryption for Instagram Messaging

Meta's abrupt reversal of end-to-end encryption for Instagram Direct Messages marks a significant blow to user privacy: the platform now stores and scans message content in plaintext, undermining the security guarantees of the Signal Protocol, a widely adopted cryptographic standard. This change affects over 2 billion monthly active users, compromising the confidentiality of their private communications. The move has sparked widespread criticism from security experts and advocacy groups.

Meta has removed end-to-end encryption from Instagram Direct Messages, reversing a security feature that was previously rolled out to over 2 billion monthly active users. The change means that Instagram now stores and scans message content in plaintext, effectively nullifying the privacy guarantees provided by the Signal Protocol, a widely adopted cryptographic standard.

Overview

End-to-end encryption (E2EE) ensures that only the sender and recipient can read message contents—not the platform itself. Meta had gradually introduced E2EE for Instagram DMs starting in 2023, using the same Signal Protocol that powers WhatsApp and Signal. The company now states that it has disabled this encryption for Instagram messaging, citing unspecified operational or safety reasons. The move affects all Instagram users globally, though the exact timeline of the rollback has not been detailed.

What changed

  • Instagram DMs are no longer encrypted end-to-end. Messages are now stored on Meta's servers in plaintext, allowing the company to scan content for policy violations, advertising targeting, or other purposes.
  • The Signal Protocol, which was previously integrated into Instagram's messaging infrastructure, has been deactivated. This protocol is the same cryptographic standard used by WhatsApp, Signal, and other secure messaging apps.
  • Meta has not provided a public technical explanation for the reversal, nor has it disclosed whether users will be notified of the change.

Tradeoffs

  • Privacy vs. moderation: Meta has long argued that E2EE hinders its ability to detect illegal content, harassment, and spam. Removing encryption allows automated scanning but also exposes private conversations to the company and potential third parties.
  • User trust: The reversal undermines the privacy commitments Meta made when it initially rolled out E2EE. Users who relied on the encryption for sensitive communications now have no guarantee of confidentiality.
  • Security implications: Without E2EE, the content of Instagram DMs is readable by Meta, can be disclosed in response to law enforcement requests, and is exposed in potential data breaches. The Signal Protocol's mathematical guarantees are replaced by Meta's internal access controls.

When to use it

This change is not a feature—it is a removal. Users who require end-to-end encryption for private messaging should consider alternatives:

  • Signal: Free and open-source; uses the same Signal Protocol with no plaintext storage.
  • WhatsApp: Still uses E2EE by default, though it is owned by Meta and has faced scrutiny over metadata collection.
  • Telegram: Offers E2EE only in "Secret Chats"; regular chats are not encrypted end-to-end.
  • iMessage: E2EE for Apple-to-Apple communications, though backups may not be encrypted.

Bottom line

Meta's decision to remove end-to-end encryption from Instagram DMs is a significant step backward for user privacy. For over 2 billion users, private conversations are now stored in plaintext and subject to scanning. If you need confidential messaging, Instagram is no longer a viable option—switch to a dedicated encrypted service.
