In development. RVNT is pre-release — not yet security-audited. Source code, public builds, and the iOS / App Store release aren’t available yet. See the roadmap →

Instagram Just Removed Encryption Because Too Few People Used It

Tags: meta, instagram, end-to-end-encryption, defaults, decentralization

In March, Meta announced — and as of 8 May 2026 has carried out — the removal of end-to-end encryption for Instagram direct messages. The company’s reasoning was refreshingly, almost startlingly, candid: “Very few people were opting in to end-to-end encrypted messaging in DMs, so we’re removing this option.”

There it is, in one sentence: a security property was offered, most people didn’t turn it on, and so it was taken away from the people who did. It’s tempting to read that as a simple product decision about an underused feature. It is much more than that. It is a live demonstration of one of the most important ideas in practical security engineering: a security guarantee almost nobody uses is a security guarantee that can be removed. It is also a clear illustration of why the architecture underneath a feature matters more than the feature itself.

Optional security is the security most people never get

End-to-end encryption on Instagram DMs had been available, in testing and limited form, since 2021. It was optional. You had to know it existed, find it, and switch on “secret conversations” or their equivalent — per chat, deliberately, against the grain of the default experience. Predictably, most people never did. Not because they don’t care about privacy, but because defaults are destiny. People use software the way it ships.

So when Meta measured adoption, it found a small number. And a small number is exactly the justification needed to remove a feature: low usage, real engineering cost to maintain, and, as Meta was also explicit about, pressure to detect illegal content such as CSAM and terrorist material, which end-to-end encryption by design prevents the platform from scanning on its servers. Add it up and the optional feature becomes a liability on a spreadsheet. Off it goes.

This is the trap of opt-in security. The very thing that makes it palatable to a large platform — that it’s off by default, so it doesn’t interfere with moderation, ads, or “engagement” — is the thing that guarantees low adoption, which then becomes the argument for killing it. Opt-in encryption is encryption on probation.

We’ve made this point before in a different context. Writing about post-quantum protection, we said there is no toggle to turn quantum resistance “on,” because security that is opt-in is security most people never get. Instagram just demonstrated the other half of that statement: security that is opt-in is security a company can take back, and the removal can be framed as responsiveness to its users.

“Encrypted” is a property of the system, not a setting

When privacy lives as a setting, it lives at the mercy of whoever controls the settings.

Think about what “Instagram DMs are no longer end-to-end encrypted” actually means. Nothing about your phone changed. You didn’t get a vote. A decision made in a meeting at one company silently altered the confidentiality of every conversation you have on that platform. The messages you send on 9 May are readable by the provider in a way the messages you sent on 7 May (if you’d opted in) were not. Same app, same friends, same words — different security, because someone flipped a property you never controlled.

That is the defining feature of centralized communication: the guarantee is the provider’s to give and the provider’s to revoke. It can be revoked for good reasons or bad ones, under legal pressure or commercial pressure or simply because a metric came in low. It does not matter how strong the cryptography was while it lasted. A cipher you don’t control is a cipher that can be switched off above your head.

We wrote about the extreme version of this when a centralized AI provider’s models were disabled by directive overnight, in The Anthropic Recall. Instagram’s E2EE removal is the same lesson in a quieter register. Centralization means someone else owns the off switch — for a model, for a feature, for your privacy.

Credit where it’s due

We’re not interested in dunking on Meta unfairly, so let’s be precise about the good and the bad.

The good: WhatsApp, which Meta also owns, remains end-to-end encrypted by default, and Meta steered users who want encryption toward it. Default-on E2EE for billions of people is a genuinely important thing in the world, and WhatsApp’s continued commitment to it matters. The bad: Instagram DMs are an enormous, everyday communication channel, and most users have no idea that what felt private a week ago no longer is. The change is real, it’s silent, and it moves in the wrong direction at a moment when the legal climate is openly hostile to encryption.

The deeper issue isn’t Meta’s character. It’s the model. As long as your privacy is a feature inside a product you don’t control, its lifespan is a business decision.

What “default and structural” looks like instead

RVNT was built so that this specific thing — a provider revoking your encryption — is not a move that exists on the board.

  • There is no “off.” End-to-end encryption isn’t a setting in RVNT; it’s the protocol. Every message is protected by a hybrid X3DH handshake and the Double Ratchet, with no plaintext path and no toggle to disable it. You cannot forget to turn it on, and we cannot decide to turn it off.
  • There is no provider to change its mind. RVNT is peer-to-peer. There is no central server holding your messages and no company sitting in the data path with the power to alter the deal later. “Low adoption” can’t strip a guarantee from a system where the guarantee is the architecture.
  • You can verify the claim. Because RVNT is open source under AGPLv3, “it’s encrypted” isn’t a marketing line you take on trust; it’s code you (or anyone) can read. The usual practitioner’s caveat applies: reading the source verifies the build you actually run only when that build can be reproduced from the published code, which is why builds will be published alongside it. A guarantee you can audit is a guarantee that doesn’t depend on a press release.
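The difference between the two designs above is easiest to see in code, so here is an added example that is not RVNT’s code and does not use its protocol implementation. It puts an opt-in channel, where a flag chooses between a plaintext path and an encrypted one, next to a structural channel whose only send path is a key ratchet. The ratchet step is the Double Ratchet’s symmetric-key KDF chain (HMAC-SHA256 with the constants 0x01 and 0x02 from the specification); the shared chain key is generated at random as a stand-in for what an X3DH handshake would produce, the encrypt-then-MAC cipher is an HMAC-based stand-in so the example runs on the standard library alone, delivery is assumed in order, and all class and function names are hypothetical.

```python
"""Opt-in vs structural encryption, side by side (illustrative, stdlib only).

Assumptions: a shared 32-byte chain key stands in for X3DH output, the AEAD is
an HMAC-based stand-in rather than a real cipher suite, and messages arrive in
order (no skipped-key handling). Not RVNT's code.
"""
import hashlib
import hmac
import os
from typing import Optional, Tuple


def kdf_ck(chain_key: bytes) -> Tuple[bytes, bytes]:
    """One symmetric-ratchet step (Double Ratchet KDF_CK): derive this message's
    key and the next chain key. The caller overwrites the old chain key, so a
    later compromise of state cannot recover earlier message keys."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key


def _keystream(mk: bytes, n: int, length: int) -> bytes:
    """Expand a single-use message key into a keystream (HMAC as a PRF)."""
    out, block = b"", 0
    while len(out) < length:
        label = b"stream" + n.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hmac.new(mk, label, hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(mk: bytes, n: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a message key used exactly once. Wire format:
    4-byte message number || ciphertext || 16-byte tag."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(mk, n, len(plaintext))))
    tag = hmac.new(mk, b"mac" + n.to_bytes(4, "big") + ct, hashlib.sha256).digest()[:16]
    return n.to_bytes(4, "big") + ct + tag


def open_sealed(mk: bytes, wire: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    n_bytes, ct, tag = wire[:4], wire[4:-16], wire[-16:]
    expected = hmac.new(mk, b"mac" + n_bytes + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    n = int.from_bytes(n_bytes, "big")
    return bytes(c ^ k for c, k in zip(ct, _keystream(mk, n, len(ct))))


class RatchetSender:
    def __init__(self, chain_key: bytes):
        self.ck, self.n = chain_key, 0

    def send(self, plaintext: bytes) -> bytes:
        mk, self.ck = kdf_ck(self.ck)  # old chain key is gone after this line
        wire = seal(mk, self.n, plaintext)
        self.n += 1
        return wire


class RatchetReceiver:
    def __init__(self, chain_key: bytes):
        self.ck = chain_key

    def receive(self, wire: bytes) -> bytes:
        mk, self.ck = kdf_ck(self.ck)
        return open_sealed(mk, wire)


class OptInChannel:
    """Instagram-style: a plaintext path exists and a flag chooses between the
    two. The flag ships off, and whoever owns the settings can flip it back."""
    def __init__(self, chain_key: bytes):
        self.sender = RatchetSender(chain_key)
        self.e2ee_enabled = False

    def send(self, plaintext: bytes) -> Tuple[str, bytes]:
        if not self.e2ee_enabled:
            return ("plain", plaintext)  # readable by the provider in transit
        return ("e2ee", self.sender.send(plaintext))


class StructuralChannel:
    """No flag and no plaintext path: the only send() goes through the ratchet."""
    def __init__(self, chain_key: bytes):
        self.sender = RatchetSender(chain_key)

    def send(self, plaintext: bytes) -> bytes:
        return self.sender.send(plaintext)


def provider_can_read(msg) -> Optional[bytes]:
    """What a server sitting in the data path sees. It never holds a chain key,
    so it can only read messages that were sent on the plaintext path."""
    if isinstance(msg, tuple) and msg[0] == "plain":
        return msg[1]
    return None


def demo_opt_in() -> list:
    """User opts in, provider later retires the option: same app, same words,
    but the second message is provider-readable."""
    ch = OptInChannel(os.urandom(32))
    ch.e2ee_enabled = True          # the user found the buried setting
    before = ch.send(b"before")
    ch.e2ee_enabled = False         # a decision in a meeting flips the default
    after = ch.send(b"after")
    return [provider_can_read(before), provider_can_read(after)]


def demo_structural() -> tuple:
    """No setting exists to flip; the provider sees nothing, the peer decrypts."""
    ck = os.urandom(32)             # stand-in for the X3DH-derived shared secret
    s, r = StructuralChannel(ck), RatchetReceiver(ck)
    w1, w2 = s.send(b"hello"), s.send(b"again")
    return provider_can_read(w1), r.receive(w1), r.receive(w2)
```

Run `demo_opt_in()` and `demo_structural()` in order to see the point: the opt-in channel yields `[None, b"after"]`, the provider-readable message appearing the moment the flag is flipped, while the structural channel has no flag to flip and the provider view is always `None`. Flipping a byte of a sealed message makes `open_sealed` raise before any plaintext is produced.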

The honest limit

Default-on, structural encryption removes the provider’s off switch. It does not make you invulnerable, and we won’t suggest it does. Whoever you talk to can still screenshot or forward what you said. A compromised device with malware reads your screen no matter how the message arrived. And no protocol decision can force a hostile government to allow the app onto a phone. These are real limits, spelled out in our threat model, and they are the same limits any honest secure messenger lives with.

But there is a category of failure that should not be possible in a tool you rely on for privacy: waking up to discover the provider quietly removed your encryption while you slept. On 8 May, millions of Instagram users woke up to exactly that. The right response isn’t to scold them for not finding a buried setting. It’s to build communication where confidentiality isn’t a setting at all — where it’s on by default, owned by you, and verifiable in the open.

Don’t take our word for any of it. Read the protocol, read the code, and confirm there’s no switch — for us or anyone else — to turn your privacy off.
