Meta Can Now Read Your Instagram DMs and the Timing Was No Accident

Welcome back to SavvyMonk, your one-stop for AI and tech news that actually matters.

Meta removed end-to-end encryption from Instagram DMs, and if you have been using it, your messages are no longer private from the platform. Today we're getting into what happened, why it matters, and why the timing is a little too convenient to ignore.

Let's get into it.

Apple just secretly added Starlink satellite support to iPhones through iOS 18.3.

One of the biggest potential winners? Mode Mobile.

Mode’s EarnPhone already reaches 490M+ users that have earned over $1B, and that’s before global satellite coverage. With SpaceX eliminating "dead zones," Mode's earning technology can now reach billions more in unbanked and rural populations worldwide.

Their global expansion is perfectly timed, and investors like you still have a chance to invest in their pre-IPO offering at $0.50/share.

With their recent 32,481% revenue growth and newly reserved Nasdaq ticker, Mode is one step closer to a potential IPO.

Tap into a $1T opportunity — invest now at just $0.50/share and get up to 20% bonus.

^{Please read the offering circular and related risks at invest.modemobile.com. This is a paid advertisement for Mode Mobile’s Regulation A+ Offering.}

^{Mode Mobile recently received their ticker reservation with Nasdaq ($MODE), indicating an intent to IPO in the next 24 months. An intent to IPO is no guarantee that an actual IPO will occur.}

^{The Deloitte rankings are based on submitted applications and public company database research, with winners selected based on their fiscal-year revenue growth percentage over a three-year period.}

End-to-end encryption, or E2EE, has been an optional feature on Instagram since 2023. It worked simply, meaning only the sender and the recipient could read a message, with no access for Meta, law enforcement, or anyone else. Think of it like a sealed envelope where even the postal service cannot read what is inside.

But it was never easy to use. Enabling it required going into each individual conversation and finding a buried setting. Meta never turned it on by default, never prominently promoted it, and never rolled it out to all users. So, unsurprisingly, very few people used it.

That is the reason Meta gave for removing it. "Very few people were opting in to end-to-end encrypted messaging in DMs, so we're removing this option from Instagram," the company said. Privacy advocates were quick to point out the obvious flaw in that logic: of course adoption is low when you never make it easy to find or turn on.

What Changes Now

Instagram DMs now use only standard transport-level encryption. This means your messages are protected as they travel between your device and Meta's servers, but Meta holds the keys on its end. The company can read your messages. It can share them with law enforcement. And there is wording in Meta's own policies that allows for product improvement, which many experts read as a door left open for training AI models on message content.

Meta has officially said that DM content is not used for targeted ads right now, but that can change.

Users who had E2EE enabled were shown instructions to download their message backups before the cutoff. Privacy experts warned that storing those backups in Google Drive or iCloud defeats the purpose entirely, since cloud providers would receive the unencrypted files. The safe option is to store any downloaded chats locally on your own device.

For people who want encrypted messaging going forward, Meta's official recommendation is to switch to WhatsApp, which still supports E2EE by default. Signal remains the most trusted option for users who want verifiable, open-source encryption.

The Timing Problem

Here is where it gets harder to look away. Meta announced the removal of Instagram E2EE just 12 days before the Take It Down Act takes full effect on May 19, 2026. This is a federal law signed by President Donald Trump in May 2025 that requires platforms to remove non-consensual intimate imagery, including AI-generated deepfakes, within 48 hours of a victim's report.

Enforcing that law requires platforms to actually be able to see and analyze message content. End-to-end encryption makes that impossible. By removing E2EE before the deadline, Meta puts itself in a position to comply.

Digital privacy expert Harry Maugans said the timing is not a coincidence. Law enforcement agencies and child safety groups have also pushed Meta on this issue for years.

The NSPCC, a UK child protection organization, welcomed the decision, arguing that encrypted messaging makes it harder to detect harmful activity including online child abuse.

The tension here is real. Privacy advocates argue that E2EE protects everyone, including journalists, abuse survivors, and activists. Child safety groups argue that encryption shields predators. There is no easy answer. But the way Meta handled this, by making the feature hard to use, watching adoption stay low, and then citing that low adoption as justification for removal, does not inspire confidence that user privacy was ever a priority.

What Meta Gets Out of This

Beyond legal compliance, Meta likely benefits in other ways. With full access to DM content, the company can improve its content moderation systems and potentially train AI models on a massive new data source. Even if Meta is not running ads against your messages today, the removal of encryption expands what is possible for the company going forward.

It is worth noting that Facebook Messenger eventually adopted default E2EE after years of pressure. Instagram went the other direction. That contrast says something.

The Bottom Line

Meta removed a privacy feature that was never properly supported to begin with, 12 days before a federal law requiring content visibility took effect. Whether the motivation was legal compliance, safety, or data access, the result is the same.

Instagram is no longer a private place to have a conversation. If your messages need to stay between you and the person you are talking to, move them to WhatsApp or Signal.

Category: Privacy and Security Audit

"Review the following list of apps and platforms I use for messaging: [App 1], [App 2], [App 3]. For each one, tell me whether it uses end-to-end encryption by default, who holds the encryption keys, and whether messages can be shared with law enforcement or used for product improvement. Give me a simple risk rating of Low, Medium, or High for each."

Meta did not secretly remove encryption. They announced it, gave users time to download their chats, and pointed them toward alternatives. But the fact that they built a privacy feature, never made it easy to use, watched adoption stay low, and then used that low adoption as the reason to kill it deserves more scrutiny than it is getting. The lesson is not that E2EE failed on Instagram. The lesson is that a privacy feature only works if the company building it actually wants people to use it.

Hit reply, I read every response.

See you in the next one.

— Vivek

P.S. Know someone who still DMs on Instagram thinking it is private? Forward this their way. They can subscribe at https://savvymonk.beehiiv.com/