Here is the fundamental question: when a company tells you a privacy feature went unused, and then immediately removed it rather than promoting it, are you supposed to believe the feature was unwanted? Or that the company never wanted you to use it in the first place?
Meta announced that end-to-end encryption on Instagram will no longer be supported after May 8, 2026. The explanation was spare. A Meta spokesperson said the feature was being retired due to low adoption, with very few people opting in to end-to-end encrypted messaging in DMs. The company then directed users to WhatsApp if they wanted privacy.
This explanation deserves serious scrutiny. Not because it is false, but because it is incomplete in a way that reveals something important about how platforms manage the privacy-safety trade-off.
The Adoption Problem That Meta Created
Unlike WhatsApp, Meta never made encryption available to all Instagram users and it was never a default setting. Instead, users in some areas had the ability to opt-in to encryption on a per-chat basis. This is not a small design choice. Instagram got opt-in encryption in select regions starting in 2021, with users in Ukraine and Russia getting access during the 2022 conflict.
Consider what this means. A feature that requires users to manually enable it in settings, available only in certain regions, never promoted—and then blamed for failing to achieve adoption. The feature was buried, never default, and only available in select regions. This is not evidence that users did not want encryption. It is evidence that Meta designed a system where discovery would be difficult.
The contrast with WhatsApp is telling. WhatsApp has had default end-to-end encryption since 2016, meaning all conversations are automatically protected without user intervention. That platform has no adoption problem. When encryption is the default, people use it. When it is buried in settings in selected regions, they do not find it.
What the Safety Arguments Actually Reveal
But the adoption narrative, however circular, may not be the real story. Strip away the talking points and what remains is a regulatory and safety calculation that Meta has not made explicit.
The Take It Down Act, signed into law last year, requires platforms to remove non-consensual intimate imagery including AI-generated deepfakes within 48 hours of a valid request, with enforcement beginning May 19, just eleven days after Instagram's encryption cutoff. This is not coincidence. When Instagram's encryption sunsets, Meta will regain the technical ability to scan and act on the content of users' DMs, reopening the door to automated content moderation, AI-powered scam detection, and easier compliance with law enforcement requests.
The counter-argument deserves serious consideration. Brian Long, CEO of Adaptive Security, argues that these companies have leaned into privacy but that this has also led bad actors to run scams in the background and attack consumers. Law enforcement genuinely cannot investigate certain crimes through encrypted channels. Child safety advocates are not being cynical when they argue that encryption can impede detection of abuse.
These are not trivial concerns. They represent a real tension in technology policy: you cannot simultaneously offer absolute privacy, provide seamless content moderation, and satisfy law enforcement obligations without accepting fundamental compromises.
The Signal This Sends
Yet Meta has chosen to resolve that tension by abandoning its own public commitment. In 2019, Mark Zuckerberg outlined a privacy-focused revamp of the company's apps, saying at the time that implementing end-to-end encryption for all private communications is the right thing to do. Matthew Green, a cryptographer and professor at Johns Hopkins University, flagged the move publicly on social media, pointing out that Meta previously made a very public commitment to rolling out end-to-end encryption as a default on Instagram, not just an opt-in. The company went as far as to conduct a human rights impact assessment in 2022 and found that expanding end-to-end encryption supports a range of fundamental human rights.
This rollback matters beyond Instagram. This is the first time a major platform has ever rolled back encryption protections, and it is a worrisome sign for the future of private communications. When the largest social platforms begin treating encryption as optional, then disposable, the precedent becomes the permission. Other platforms will follow. Regulators in other jurisdictions will use this as evidence that encryption can be withdrawn when policy priorities shift.
Consider the broader picture. In March 2026, TikTok publicly announced it would not implement end-to-end encryption for direct messages at all. Both companies are choosing the same path: surrender user privacy to avoid regulatory friction.
The Genuine Complexity
What emerges from this is not a simple story of corporate villainy or regulatory overreach. It is a genuine collision of legitimate values. Child safety is not a false concern invented to justify surveillance. Scam detection and law enforcement cooperation serve real purposes. At the same time, privacy advocates are correct that once encryption is removed, the door opens to uses beyond the stated purpose. Without more explanation, the decision to drop end-to-end encryption raises new questions about how Instagram chats will be handled going forward, including whether private messages containing photos and other sensitive information could become accessible to Meta and analyzed for advertising and AI training, or shared with third parties.
The error Meta made was not in choosing safety over privacy—reasonable people disagree on where that balance should lie. The error was in pretending the choice was driven by user preference when it was driven by regulation and platform safety obligations. Say that plainly, and the debate can proceed on honest ground. Blame users for not finding a buried setting, and you insult the intelligence of the people affected.
Voters and users deserve better than that.