As law enforcement agencies scramble to address threats of terrorism, child sexual abuse, and human trafficking—and repressive governments around the world look to broadly expand their surveillance capabilities—researchers fear that Meta’s retreat from its commitments to protect user privacy with end-to-end encryption on Instagram chat could create a problematic precedent in big tech.
Meta spent the better part of a decade working to deploy end-to-end encryption by default across all of its chat apps. It was a saga—fraught with both technical and political hurdles. But in December 2023, the company declared victory, announcing default end-to-end encryption for Messenger and promising that the feature was in testing to roll out for Instagram Direct Messaging as well. In the end, though, end-to-end encryption only came to Instagram chat as a backwater opt-in feature. And as threats to end-to-end encryption from governments around the world loom larger than ever, Meta quietly announced last week that it intends to eliminate the feature from Instagram chat entirely on May 8.
Crucially, few companies have the scale and stability needed to stake out an influential pro-end-to-end encryption position. And an even smaller group—namely, Meta and Apple—have made it a priority. Experts say that Meta’s decision about Instagram chat could give other companies, or even simply other divisions within Meta, permission to do less, too.
“Meta’s deployment of encryption was a public commitment, and they were weathering a lot of pressure from various governments to do it,” says Johns Hopkins cryptographer Matt Green, who has consulted for Meta over the years on its end-to-end encryption rollout as both an unpaid advisor and paid reviewer. “Public commitments to support privacy features are literally the only thing that we the public have. If they’re worthless, then why should we assume we’ll continue to have end-to-end encryption in Messenger and WhatsApp?”
Meta’s decision to revoke end-to-end encryption for Instagram chat seems to have been particularly alarming for researchers and privacy advocates because of the company’s stated reason for the change: low user adoption.
“Very few people were opting in to end-to-end encrypted messaging in DMs, so we’re removing this option from Instagram in the coming months,” a Meta spokesperson told WIRED and other outlets. “Anyone who wants to keep messaging with end-to-end encryption can easily do that on WhatsApp.”
The statement struck many as disingenuous given that Meta emphasized for years that it was committed specifically to default end-to-end encryption, not the opt-in version that ultimately emerged for Instagram chat buried behind layers of menus.
“Designed the feature so nobody could find it, killed it for not being easy enough to find and, therefore, unpopular. It’s deeply cynical,” says Davi Ottenheimer, a longtime security executive and creator of the post-quantum cryptography assessment tool pqprobe.
Johns Hopkins’ Green adds, too, that Meta originally rolled out opt-in encryption for Messenger and seemingly learned the lesson about the need for default implementation from low adoption in that trial.
“This is a Meta post where they publicly commit to default encryption in Instagram chat. Then, seemingly without even looking back over it, they add an update to the top that implies that it was optional encryption, and blames lack of opt-in as the reason they need to remove this feature,” Green says. “Nothing about this is honest. They know what they promised.”
WIRED gave Meta multiple opportunities to comment for this story, but the company ultimately declined.
In a key 2019 treatise laying out his vision for privacy and security across Meta’s properties, CEO Mark Zuckerberg wrote, “I understand that many people don’t think Facebook can or would even want to build this kind of privacy-focused platform—because frankly, we don’t currently have a strong reputation for building privacy-protective services, and we’ve historically focused on tools for more open sharing.” But, he added, “we’ve repeatedly shown that we can evolve to build the services that people really want, including in private messaging and stories.”