Instagram ends encrypted DMs as privacy concerns drive VPN interest

• Instagram will end encrypted DMs after 8 May 2026.
• ExpressVPN said the move raises privacy concerns.

Instagram is ending support for end-to-end encrypted DMs globally.

The change means Instagram will no longer support end-to-end encrypted messaging after 8 May 2026. Meta stated the date on its Instagram help page and also confirmed the change through an update to Instagram’s terms and conditions in March, rather than a separate public announcement.

Users with affected chats will receive instructions on how to download any messages or media they want to keep. The instructions apply to users who had activated end-to-end encrypted chats.

What changes for users

End-to-end encryption restricts message access to the sender and recipient.

Without it, Instagram will continue to use standard encryption. Messages will still be protected while moving between users and the platform, but Meta may be able to access direct message content when needed.

The change covers direct messages and shared media, including voice notes.

Meta had previously committed to expanding end-to-end encryption across Facebook and Instagram messaging. In 2019, the company said it was moving toward a more private future for its platforms.

Facebook Messenger completed its rollout of end-to-end encryption in 2023. Instagram later introduced the feature as an option, with plans to make it the default for direct messages.

Meta has now dropped the wider Instagram rollout. The company told reporters the decision was linked to low user adoption of the optional feature.

Child safety concerns

Child protection groups welcomed the move. The NSPCC has argued that end-to-end encryption can make it harder to detect grooming and child abuse on messaging platforms.

Rani Govender from the NSPCC said the charity was pleased with the decision, saying end-to-end encryption can allow offenders to avoid detection and keep abuse hidden.

Child safety concerns have also been raised by policymakers. A 2023 European Parliamentary Research Service report said end-to-end encryption can hide data in online child sexual abuse cases. The report said this can limit efforts to pursue those crimes.

Privacy groups push back

Privacy groups criticised the decision. Big Brother Watch said the removal of end-to-end encrypted messaging weakens a key privacy protection for users, including children.

Maya Thomas from Big Brother Watch said the group was disappointed by the change and raised concerns that Meta may be responding to pressure from governments.

Privacy groups say end-to-end encryption protects users from surveillance and unauthorised access. Child safety organisations and law enforcement bodies say it can limit efforts to identify harmful activity.

VPN providers respond

ExpressVPN said Meta’s decision raises wider questions about consumer privacy tools and how users assess online privacy.

Pete Membrey, chief research officer at ExpressVPN, described end-to-end encryption as “one of the most important privacy protections available to users online.” He said it limits access to conversations to the sender and recipient.

Membrey said the removal or reduction of such protections raises questions about who can access user communications, how data is stored, and what the change means for personal privacy.

He said one reason messaging platforms such as WhatsApp adopted end-to-end encryption was to prevent the platform itself from accessing private communications. He added that removing or reducing the protection can affect how message content is accessed or processed inside the platform.

Membrey said Instagram is also used as a communication tool for everyday contact. He said changes to private messaging protections affect user expectations around secure communication.

He also pointed to the wider policy debate around online safety, including child protection and harmful content. He said online safety discussions should also account for user trust and expectations around private communication.

ExpressVPN said privacy-related platform changes have contributed to higher demand for consumer privacy tools, without providing Instagram-specific figures. Membrey linked the demand to public concern about online security and privacy.

VPNs do not replace end-to-end encryption in messaging apps. They protect traffic between a user’s device and the VPN server, while message privacy depends on the platform’s encryption design.

AI and data questions

Victoria Baines, professor of IT at Gresham College, linked the decision to wider questions about Meta’s position on privacy. She said social media platforms monetise user activity for advertising. She also said messaging data can be valuable for AI model training.

Instagram has previously said direct messages are not used to train AI. Meta also told fact-checking outlet Snopes in November 2025 that private messages are not used to train its artificial intelligence systems. The clarification followed online claims about the practice.

Meta declined to provide further comment on the decision, and Instagram head Adam Mosseri declined an interview.

Separately, Meta has expanded its use of internal data for AI development. Last month, the company told staff that clicks and activity on work devices would begin to be collected as training data for the company’s AI models.

Encryption across other platforms

End-to-end encryption remains the default on WhatsApp, Signal, and Facebook Messenger. It is also the default on Apple’s iMessage and Google Messages. Telegram offers it as an option. X provides a similar direct message protection system, though some critics say it does not meet common industry standards.

Snapchat uses end-to-end encryption for direct message photos and videos and has previously said it plans to extend the protection to text. Discord plans to make voice and video calls end-to-end encrypted by default.

TikTok told the BBC in March that it had no plans to introduce end-to-end encryption for direct messages. Two weeks later, Instagram updated its terms to confirm it would not continue with its own rollout.

Want to experience the full spectrum of enterprise technology innovation? Join TechEx in Amsterdam, California, and London. Covering AI, Big Data, Cyber Security, IoT, Digital Transformation, Intelligent Automation, Edge Computing, and Data Centres, TechEx brings together global leaders to share real-world use cases and in-depth insights. Click here for more information.