Instagram users who rely on Direct Messages (DMs) for business, content creation, or personal communication should take note: Meta has removed end-to-end encryption (E2EE) from Instagram DMs. Effective May 8th, 2026, the company can now access the content of private messages that were previously protected. The move has sparked questions about the handling of existing encrypted chats and comes just days before the ‘Take It Down Act’ — a federal law targeting non-consensual intimate images and deepfakes — takes full effect on May 19th, 2026.
This change affects users who enabled Instagram’s optional end-to-end encryption (E2EE) feature for Direct Messages. According to a recent report from Fox 32 Chicago, and digital privacy expert named Harry Maugans, most users never turned it on. The timing is notable: the move took effect just days before platforms must implement compliant removal systems under the Take It Down Act—a federal law signed in May 2025 that requires online platforms to remove non-consensual intimate images and deepfakes within 48 hours of a victim’s report.
What is End-to-end Encryption?
End-to-end encryption is a security measure that scrambles message content so only the sender and recipient can read it. The platform itself cannot access the contents—similar to a sealed envelope, where the postal service can see the sender and recipient but not what’s inside. Since May 8th, 2026, Meta can now view the contents of those previously encrypted messages. Not sure if you had it enabled? Users who activated the feature would have seen a lock icon next to their Direct Message threads. Harry Maugans, expressed uncertainty about what will happen to existing encrypted chats now that the deadline has passed. He strongly recommended downloading your encrypted messages and media as soon as possible while the option remains available.
“The leading theories are either the messages are going to become public and join the rest of your chat flow, or the messages might just be deleted, which is why they’re saying download your encrypted messages while you still can.”
Harry Maugans, Digital Privacy Expert
This post contains affiliate links, which means that if you click on one of the product links and make a purchase, we’ll receive a percentage of the sale. Whatever purchase through the affiliate links helps the site.
Maugans also advised caution when storing downloaded data:
“If you turn around and upload that downloaded chat backup to Google Drive or iCloud or any other cloud provider, you’re uploading the unencrypted raw version of these chats. If your whole purpose was to keep it out of the hands of data brokers, be cognizant of where you store that backup file.”
Harry Maugans, Digital Privacy Expert
What is the TAKE IT DOWN ACT?
The Take It Down Act (or Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act), also known as S.146 was signed into law on May 19, 2025, as Public Law 119-12. The law requires online platforms to establish a process for removing non-consensual intimate images and deepfakes within 48 hours of receiving a valid report from the victim. It also creates new federal criminal penalties for the nonconsensual publication of such content.
Read the full text of the Bill listed here: S.146 – TAKE IT DOWN Act | Congress.gov
Platforms were given a year to comply, with the removal system deadline falling on May 19th, 2026— which makes the timing of Meta’s decision to drop E2EE on Instagram DMs particularly notable.
Safer Alternatives for End-to-end Encrypted Messaging:
If you’re looking for stronger privacy protections for your conversations, consider switching sensitive chats to messaging apps that offed default end-to-end encryption (enabled automatically, without needing manual activation):
- Signal: The top recommendation by privacy experts. It offers strong end-to-end encryption, disappearing messages, screen security, and minimal data collection. Completely free and open-source.
- WhatsApp– It also provides end-to-end encryption by default for all chats and calls. It is a convenient option since people already use it, though it is owned by Meta and collects more metadata than Signal.
- iMessage (Apple Users)- this includes E2EE between Apple devices,when both parties are using iMessage (indicated by blue bubbles).
- Threema — A paid Swiss-based service known for strong privacy protections and minimal user data requirements.
DISCLAIMER: The recommendations above are for informational purposes only. Privacy features and policies can change over time. Users should conduct their own research and evaluate each app based on their specific needs before switching.
Source: FOX 32 Chicago, Instagram Help, Congress.gov
Thanks for reading! If you have any suggestions, news tips, or questions, email them to: webmaster@bigrednerd.com.
Follow Me on Social Media!
Red's Nerd Den 