Instagram Privacy: Instagram DMs Are No Longer Private—Meta Can Read All Your Personal Chats!

Instagram Encryption: End-to-end encryption is a technology that locks your messages the moment they leave your phone, ensuring they can only be unlocked on the phone of the specific person you sent them to.

Instagram: As of May 8, 2026, end-to-end encryption has been discontinued on Instagram. This means that the messages you used to send to a friend, partner, or business contact are no longer entirely private. In fact, Instagram has removed end-to-end encryption from direct messages exchanged between its users, and Meta can now potentially view the content of messages between all users. This move comes as a major blow to Instagram's hundreds of millions of users. Did you know that over 500 million people use Instagram in India?

What Was E2EE Before, and What Did It Mean?

End-to-end encryption is a technology that locks your messages the moment they leave your phone, ensuring they can only be unlocked on the phone of the specific person you sent them to. With encryption, the content of a message became secure the instant it left the sender's device, and no one—not even Meta itself—could read it until it reached the receiver's device. Encryption was introduced on Instagram in December 2023 as an optional feature, but it was never made the default setting. Users had to manually go in and enable it themselves. This was the initial misstep that ultimately stifled the feature.

What Has Changed Now, and Why?

Since May 8, Meta has the ability to scan every single one of your Instagram DMs. It can read the content of your messages, flag conversations for potential policy violations, serve you advertisements based on the topics you are discussing, and—upon legal demand—hand over all this information to the government. Meta's official explanation is that very few people were opting in to E2EE within Instagram DMs, and therefore, the option is being removed. Meanwhile, those who desire encrypted messaging are encouraged to turn to WhatsApp instead.

What is the Real Reason?

Digital forensics experts suggest that Meta removed this feature not due to encryption security concerns, but rather as a strategic business decision. If we look at the timing, the "Take It Down Act" is set to come into force in the U.S. on May 19, 2026; under this law, platforms will be required to remove objectionable content within 48 hours. This would not have been possible with encrypted messages. Meta took this step exactly 11 days before that law was scheduled to take effect. The second major reason involves data and advertising. Meta's business model hinges on understanding its users. Encrypted messages acted as a "black box" within that data-collection machine. This means that if you messaged someone about hiking boots, you would subsequently start seeing advertisements for outdoor gear on Instagram.

Instagram Had Already Provided This Information

In December 2025, Meta itself stated that interactions occurring within private conversations could be utilized—with the aid of AI tools—to serve targeted advertisements. In other words, your conversations would be used first to train AI models, and subsequently, to serve ads directly to you.

What Will Be the Impact on India?

India is one of Instagram's largest markets. Following the removal of End-to-End Encryption (E2EE), the content of Indian users' Instagram DMs has become accessible to Meta, and the Indian government can now obtain this data through legal requests. Under the DPDP Rules 2025, Meta is classified as a "Data Fiduciary" and is required to obtain user consent before processing personal data. The removal of E2EE has fundamentally altered what Meta is able to do with the content of certain messages. Consequently, the pertinent question now is: Are Meta's current privacy notices and consent mechanisms compliant with the DPDP Rules 2025?

What Changes Can Be Expected?

Simply put, if you were previously discussing sensitive matters—such as business deals, political opinions, or personal affairs—via Instagram DMs, that space has now become a risky environment. Following the removal of E2EE, Meta now has access to the full text of Instagram DMs, photos and videos, voice call metadata, and even communication patterns. The removal of encryption has also heightened security risks. In essence, any system that stores user data in a readable format can become a target for hackers. With E2EE in place, even if data were to be stolen from the servers, it could not be read; this protective shield has now been removed.

What can you do now?

If you have used encrypted chats on Instagram, you can download your old messages by navigating to Settings, then selecting "Your Activity," and finally accessing the "Download Your Information" section. This decision by Meta underscores just how quickly social media privacy landscapes can shift, and highlights the inherent risks involved in relying entirely on the settings of a single application.