If you use Instagram to send private messages, here is something important you need to know: from May 8, 2026, those messages will no longer be protected by end-to-end encryption. Meta confirmed the change through an update to its platform documentation, and the feature had already been removed for some users in Australia before the announcement was widely covered. This guide explains what the change means and what you can do about it.
End-to-end encryption means that only the sender and the intended recipient can read a message. The platform or app transmitting the message cannot access its content. Without encryption, the platform — in this case, Meta — can technically access your messages. This is the change being made to Instagram DMs from May 8.
Does this mean Meta will read your messages? Not necessarily. There is a difference between having technical access to message content and actively monitoring conversations. But the technical protection that prevented Meta from accessing your DMs — even if it wanted to — will be gone. And the commercial incentive to use that access, through advertising systems and AI development, is significant.
What should you do? If the privacy of your direct messages matters to you, the most practical step is to move sensitive conversations to a platform with default encryption. WhatsApp — owned by Meta — offers end-to-end encryption by default and is the easiest transition within the Meta ecosystem. Signal is independently operated and widely regarded as the most private messaging option available. iMessage encrypts conversations between iPhone users.
For general social conversation, Instagram DMs may still be adequate — but users should now make that choice consciously rather than by assumption. The key change is that assumption of privacy has been removed. Treating Instagram DMs as you would treat any non-private digital communication — email, for example — is the most appropriate adjustment. Decide what you share in those conversations accordingly.
