Instagram Just Reminded Us That Your Messages Probably Aren’t Private or Secure
If your messages aren't end-to-end encrypted, they can be viewed, used, sold, stolen, or give up by the company or platform. Use E2EE services for private and secure communication.
Most people assume their private messages are private and secure, but unfortunately, for most people and most messages they send, they aren’t.
Meta just reminded us about this with their announcement that they will remove end-to-end encrypted (E2EE) chat support from Instagram DMs after May 8, 2026 (https://thehackernews.com/2026/03/meta-to-shut-down-instagram-end-to-end.html). The stated reason was that not enough people were using it. Meta’s statement said that “very few people were opting in,” and that anyone who wants encrypted messaging can use WhatsApp instead.
I would venture to say that most Instagram users probably didn’t even know the option existed. Instagram’s E2EE chat feature was never turned on by default. It was only available in certain regions, and you had to enable it manually for each conversation.
Almost all messaging platforms are NOT end-to-end encrypted
This is the most important thing to remember. We all use services like Instagram, Facebook, TikTok, X/Twitter, Slack, or even regular SMS, and can incorrectly assume that nobody else can see those messages. That assumption is wrong.
Here’s a quick refresher on end-to-end encryption (e2ee). If something is end-to-end encrypted, the only people who can see the message's contents are the sender and the receiver. The sender and the receiver are the two ends, and the messages are encrypted between them so that nobody else, including the company hosting them, can see them.
If a messaging service is not e2ee, it means the company running the service can access the contents of your messages. Although these messages are encrypted in transit, the platform also stores copies of the encryption keys so that it can view their contents. And once a company has access to your messages, a lot of things can happen to that information.
Employees of the company can see your messages. Companies have employees with access to internal systems, who could potentially view your private conversations. A lawsuit by the former head of cybersecurity at WhatsApp alleges that Meta allowed thousands of engineers access to private account information without proper auditing (https://cyberscoop.com/meta-whatsapp-lawsuit-privacy-violations-relatiation/), among other claims.
Hackers can steal your messages. If a company’s employees can see the messages, then a hacker with access can see them too. A data breach could put your conversations in the hands of bad actors. This has happened over and over again across all kinds of companies and industries.
The company can share your data with third parties. Companies can be compelled to hand over your messages to government agencies through legal process, such as subpoenas or court orders. They can also share your data with business partners and advertisers. Meta, for example, already uses data from your Instagram activity to personalize the ads you see. If your messages aren’t E2EE, nothing is stopping the company from using that data however they want.
Your messages can be used for advertising and AI model training. This is a newer concern that’s becoming more common. Companies are increasingly using the data you provide, including your messages and interactions, to train AI models and improve their advertising algorithms. Meta AI is already integrated into Instagram’s search function, and the data you provide through those interactions is used for ad targeting. When your messages aren’t encrypted, they become just another data source.
The bottom line: if a service is not end-to-end encrypted, you should assume your messages can be read by anyone other than you and the recipient.
What IS and ISN’T E2EE
Most of the tools you use every day are not end-to-end encrypted. I recommend that you assume a service is NOT E2EE and verify before sending anything sensitive through that channel or service.
Here are things that are not E2EE (your messages are NOT private):
If you are using these services/platforms, assume that the company can access, read, use, and give away the content of your messages.
SMS, MMS, and RCS text messages. This is the default texting on every phone. None of it is end-to-end encrypted. Caveat: RCS is moving in that direction, but it’s e2ee across all devices and operating systems, so it's always better to assume it’s not. Never use these for anything sensitive. Learn more in my post.
Instagram DMs. By default, they are not e2ee, and none of them will be after May.
LinkedIn messages. People share job details, salary information, and personal career plans over LinkedIn messaging all the time. None of it is end-to-end encrypted. LinkedIn (owned by Microsoft) can access all of it.
TikTok DMs. TikTok recently said it has no plans to add E2EE.
X/Twitter DMs. I covered the problems with X’s so-called “encrypted” chat in a previous post.
Snapchat messages. Despite the disappearing message feature, Snapchat messages are not end-to-end encrypted. The company can access them, and law enforcement regularly requests and receives message data from Snapchat.
Discord messages and voice chats. Not E2EE. Discord can access all messages, voice conversations, and shared files.
Slack messages. Not E2EE. Your employer and Slack can access everything.
Microsoft Teams messages. Not E2EE. Your employer and Microsoft can access your messages.
Google Chat messages. Not E2EE.
Telegram messages. This one surprises people. Regular Telegram chats are NOT end-to-end encrypted. Only “Secret Chats” are available, and you have to start one manually. Group chats on Telegram are never E2EE.
Most email, including Gmail, Yahoo, Outlook, and your work email. Although email is encrypted in transit, it does not have E2EE, meaning your email provider (and your employer, if it’s a work account) can read your messages.
Google Meet and most Zoom meetings. Not E2EE by default. Zoom offers an E2EE option, but it must be enabled manually.
Reddit DMs. Not E2EE.
Dating App messages (Tinder, Bumble, Hinge, etc.). Not E2EE. These companies can access your conversations.
Remember, the safest option is to assume that things are not e2ee.
E2EE (your messages ARE private):
Signal. Always E2EE. My top recommendation.
iMessage. E2EE between Apple devices.
WhatsApp. E2EE, but owned by Meta. Also, it’s only E2EE if you’re not talking to a business. WhatsApp chats involving businesses are not E2EE.
What You Should Use
1. Use Signal for anything sensitive.
Signal is always end-to-end encrypted and uses an open-source protocol that can be independently verified. It’s run by an independent nonprofit, not a big tech company with an advertising business model. That distinction matters because Signal has no incentive to access, monetize, or share your data. Signal works for messaging, group messaging, audio calls, and video calls. It’s free. It’s easy to use (my parents figured it out, and they’re in their 70s).
Signal also has great privacy features. You can use a username instead of sharing your phone number, set messages to disappear automatically, and confirm the identity of the person you’re chatting with.
For a full breakdown of why Signal is the best option, check out my post:
To learn how to set up Signal’s username feature so you never have to share your phone number, read:
2. iMessage is fine for everyday iPhone-to-iPhone conversations.
iMessage is end-to-end encrypted, and backups are encrypted too. The downside is that it only works between Apple devices, so if you don’t have the blue bubbles, it’s not e2ee!
3. Be cautious with WhatsApp.
WhatsApp does have end-to-end encryption, but only if Business accounts aren’t involved. If you do use WhatsApp, make sure your backups are encrypted, and your privacy settings are locked down. I have a full guide here:
Don’t assume your messages are private. They almost certainly aren’t, unless you have specifically chosen a service that provides end-to-end encryption from a company you trust.
If you want private communication, I recommend using Signal. It’s free, it works, and it’s the most trustworthy option available.
Stay Safe!
Tate
Seems likely that this move is so Meta can harvest even more user data.
You think!🙀😳🙈