By Neeraj Kapoor 
New Delhi, May 8: Your Instagram DMs Are Not Private Anymore. They Never Really Were For Most Of You, But Now It Is Official.
Let us get one thing out of the way first. If you use Instagram to chat with people, and most Indians do, today something changed. Not visually. Not in how the app looks or feels. But underneath, in the way your messages are stored and who can read them, something important is different from this morning.
Meta switched off end-to-end encryption for Instagram direct messages today. May 8, 2026. That is the date this happened. And if you are sitting there wondering what end-to-end encryption even means, good. That is exactly where this article starts.
Think Of It Like A Sealed Envelope
Imagine you write a letter, seal it in an envelope, and only the person you addressed it to has the key to open it. Not the postman. Not the post office. Nobody in between. That is what end-to-end encryption does for messages. Only the sender and the receiver can read what was written. Not the app company. Not the government. Not hackers. Nobody.
Meta had quietly added this as a choice, an opt-in feature, for Instagram DMs back in December 2023. If you had it switched on, a small lock icon would show up on those particular chat threads. Most people never turned it on, partly because Instagram buried the setting deep enough that the average user would never find it without specifically looking.
From today, that option is gone. Removed. Instagram DMs now work the same way your regular, unencrypted messages always have. Meta can read them. Their automated systems can scan them. Law enforcement with a court order can request them. The sealed envelope is now just an open postcard.
So What Changed For The Average Indian Instagram User
Honestly, for the vast majority of people in India who use Instagram to chat, practically nothing changes today. Because most of those users never had the encryption feature switched on in the first place. Their messages were already readable by Meta. This news changes the reality for only those who had specifically turned on that lock feature.
But here is why it still matters even if you were not using encryption. It closes a door. It says: this level of privacy is no longer available on this platform. Whatever you type in an Instagram DM, going forward, you are typing it in a space that the company hosting it can technically read.
That is a different kind of assurance than most people imagine they have when they hit send on a personal message.
Meta’s Explanation And The Part That Does Not Quite Add Up
Meta gave a simple answer for why they did this. According to a spokesperson who spoke to The Guardian, “Very few people were opting in to end-to-end encrypted messaging in DMs, so we’re removing this option from Instagram in the coming months. Anyone who wants to keep messaging with end-to-end encryption can easily do that on WhatsApp.”
Fair enough on the surface. Low usage, so they cut the feature. Companies do this all the time.
Except there is a detail that security researchers have been flagging loudly since March, when Meta first announced this change. The encryption is being removed on May 8. A major United States law called the Take It Down Act comes fully into force on May 19. That is an 11-day gap. Not a coincidence, a lot of analysts say.
Here is what that law does. It forces social media platforms to detect and remove certain harmful images, specifically non-consensual intimate photos and AI-generated deepfakes, within 48 hours of a victim filing a complaint. The company can face serious penalties from the US Federal Trade Commission if it does not comply.
Now think about what encryption means in that context. If your messages are sealed, the platform literally cannot scan them. It is technically impossible. A company cannot detect illegal content inside messages it cannot read. By removing encryption before that law kicks in, Instagram gives itself the ability to run the automated scanning the law demands.
Meta has not said publicly that these two things are connected. But the timing has not gone unnoticed, and pretending it is just a coincidence requires a fairly generous reading of events.
What Happens To The Old Encrypted Chats
This is the part that is still not entirely clear, and that matters if you did use the encryption feature.
Cybersecurity expert Josh Maugans explained the situation plainly to Fox 32 Chicago. Your old encrypted chats could go one of two ways. Either they get folded into your regular chat flow and become visible to the platform going forward. Or they get deleted entirely. Instagram has not made an official call on this publicly, which is why the advice from security experts has been: download them now, while there is still a chance.
Instagram has a built-in download option inside the app for exactly this. If you had the lock icon on any of your chat threads, open the app, find those threads, and use the in-app backup tool to save a copy of your messages and any files shared in those conversations.
But here is something people are getting wrong. Downloading the backup is not enough on its own. If you then turn around and upload that backup file to Google Drive or iCloud, you are uploading it in a plain, unencrypted form. The protection is gone the moment it touches a cloud server. Keep it on your phone or your personal laptop. Nowhere else if privacy is actually the goal.
How To Know If You Were Even Affected
Simple check. Open Instagram. Go to your DMs. Look at your chat threads. Did any of them have a small padlock icon visible? If yes, those were your encrypted chats and you should download them today. If you never saw any lock icon on any thread, your messages were already unencrypted and today changes nothing for you in practical terms.
Still, some users will need to update their Instagram app before the download tool becomes accessible. Worth checking your App Store or Play Store for a pending update before anything else.
Who Is Actually Pushing For This, And Why
The removal of encryption from Instagram did not happen because Mark Zuckerberg woke up one morning and decided privacy was overrated. There has been sustained, loud pressure from law enforcement agencies across multiple countries for years.
The FBI, Interpol, the UK’s National Crime Agency, Australian federal police, all of them have publicly pushed against encryption on social media platforms, arguing that it creates blind spots that investigators cannot work around when tracking serious crimes. Child safety organisations have made the same argument. Their concern is real: encrypted spaces have genuinely been used to distribute illegal content involving minors, and investigators have had their hands tied.
But the counter-argument is also real. The same encryption that shelters bad actors also protects journalists talking to whistleblowers, activists organising in countries where that is risky, domestic abuse survivors communicating with support networks, and ordinary people who simply want their private conversations to stay private. Taking away the lock because some people misuse it is a bit like removing all curtains from homes because criminals sometimes hide behind them.
Tom Sulston from Digital Rights Watch raised another angle with The Guardian. Money. Without encryption, Meta can technically use message content to sharpen its advertising targeting and train its AI systems. Meta says it has no plans to do this. The capability exists regardless of the plan.
There Was Another Way. They Chose Not To Take It
One thing worth knowing: removing encryption entirely was not the only option on the table.
There is a technique called client-side scanning. In this approach, your device checks messages against a database of known illegal content before the message is encrypted and sent. The platform never reads your messages directly. It only gets flagged if something matches the known harmful content list. Apple looked at this seriously in 2021, built something close to it, then shelved it after privacy advocates raised concerns about where that kind of scanning capability could eventually lead.
The technology works in theory. It is genuinely difficult to build well. But it existed as an option. Meta did not pursue it. Instead, they offered encryption as a feature almost nobody could find, watched it fail to get adopted, and are now pointing at those low adoption numbers to justify the removal. That sequence of events, as one digital forensics analyst wrote in a detailed piece, looks less like a product decision and more like an engineered exit.
So Where Should Indians Chat If They Want Actual Privacy
WhatsApp still uses end-to-end encryption by default. It is also owned by Meta, which is worth keeping in mind. The company that just removed encryption from Instagram is the same one that currently promises it on WhatsApp. Whether that promise holds long-term is a question without a definitive answer today.
Signal is the option most security researchers point to when the question is serious. It is a non-profit. Its code is publicly available, meaning independent experts can verify its security claims, and they regularly do. It is free, available in both the Google Play Store and Apple App Store, works on any phone. For anyone in India who genuinely needs private communication, it is the clearest answer available.
Maugans put it simply. If privacy is actually your goal and not just a preference, move your sensitive conversations off Meta’s platforms entirely.
What This Means For India Specifically
India has more Instagram users than almost anywhere else on earth. For a huge chunk of those users, especially younger people in their teens and twenties, Instagram DMs function as a primary messaging app. Not a secondary one. The primary one. They use it the way an older generation uses SMS.
Those users have almost certainly been messaging without encryption this whole time. Today does not change their technical situation. But it does change the transparency of it. Instagram DMs are now, with no ambiguity, a communication channel that the company behind it can read. That puts them in the same category as email, Facebook Messenger, Twitter DMs, and every other major platform that has never offered meaningful encryption.
That is not a reason to panic. It is a reason to be clear-eyed.
The internet has always been less private than people imagine. End-to-end encryption, where it exists, is the exception. Open, readable-to-the-platform communication is the norm. Instagram DMs are now firmly in that second category. You are not doing anything wrong by using them. Just be aware of what they are.
And if you ever needed a private conversation to stay private, now you know which app to use for it. It is not Instagram.
Stay ahead with Hindustan Herald — bringing you trusted news, sharp analysis, and stories that matter across Politics, Business, Technology, Sports, Entertainment, Lifestyle, and more.
Connect with us on Facebook, Instagram, X (Twitter), LinkedIn, YouTube, and join our Telegram community @hindustanherald for real-time updates.
Tech writer passionate about AI, startups, and the digital economy, blending industry insights with storytelling.
- Neeraj Kapoor
- Neeraj Kapoor
- Neeraj Kapoor
- Neeraj Kapoor
Kavita Iyer and Neeraj Kapoor