Meta’s Instagram officially shut down its DM end-to-end encryption (E2EE) feature on May 8, affecting about 2 billion users worldwide. BBC compiled the details of this change: all existing E2EE chats will be converted into standard (non-encrypted) chats; “secret conversations” that users previously enabled will be decrypted and stored on Meta’s servers in a standard format; as of then, Meta has regained the technical ability to read the contents of private messages, photos, voice calls, and video messages. Instagram E2EE has been available in an opt-in form since December 2023, was never set as the default, and has been completely disabled starting 5/8.
5/8 change: Existing encrypted chats are decrypted; Meta can read again
The specific details of this policy change:
Scope: Instagram DM for about 2 billion users worldwide
Existing E2EE conversations: automatically converted to unencrypted chats
Past “secret conversations”: decrypted and stored on Meta servers in standard format
Meta-side capabilities: can read private message text, photos, voice calls, and video content again
User experience: the DM interface and features remain unchanged; users may not notice any difference immediately
E2EE is an encryption design where “only the sender and recipient can decrypt the message, and the platform intermediary cannot read it.” After it is turned off, Meta servers can directly read the message contents.
Why they shut it down: pressure from the UK’s Online Safety Act and EU regulations on content moderation
Meta’s official position is that “very few users choose to enable E2EE,” but industry and privacy advocacy groups say the real driving factor is regulatory pressure:
UK Online Safety Act: requires platforms to detect and report child sexual abuse material (CSAM) and terrorism-related content
EU-related regulations also point toward requiring large platforms to automatically review private message content to varying degrees
Technical reality: under E2EE conditions, Meta’s AI content moderation tools cannot read messages on the server side, and thus cannot meet regulatory requirements
Turning off E2EE amounts to a concrete decision to put “compliance-first” ahead of “user-side privacy”—Meta can use its AI moderation tools again to detect policy-violating content. At the same time, it also lowers the legal threshold for other countries’ judicial authorities to obtain Meta message data (shifting from “Meta can’t read it” to “Meta can assist in providing it”).
Broader implications for the encryption/privacy ecosystem
While this change occurs on centralized social media platforms, it still sends indirect signals to the encryption and privacy technology ecosystem:
The outcome of the “compliance vs encryption” tug-of-war temporarily tilts toward the regulator side following large platforms’ rollbacks of E2EE
The same regulatory logic (UK OSA, the EU) has in the past also been discussed as extending to crypto exchanges and encrypted messaging/transaction-related plans
Platforms that continue to maintain E2EE, such as Signal and WhatsApp, may face similar regulatory pressure in the future
Events to watch next: after Meta shuts off E2EE, the initial compliance assessments issued by UK and EU regulators; updates on how other messaging platforms such as Signal and Telegram respond; and subsequent legal challenge actions by privacy advocacy groups (such as EFF).
This article first appeared on Lianxin ABMedia: Meta shuts down Instagram DM end-to-end encryption on 5/8—2 billion users affected, with UK OSA as the main pressure.
