Meta Hid the Lock, Then Said Nobody Used It

There's a version of this story where Meta made a good-faith effort and the market just didn't respond. That's not this story.

According to coverage flagged by MacRumors, end-to-end encryption for Instagram direct messages is gone as of today. The reason Meta offered to The Guardian: not enough people used it. What the coverage also notes — and what makes that justification so revealing — is that Meta never turned it on by default, never notified users it existed, and required anyone who wanted it to activate it manually, per conversation, inside a buried setting. The feature was also never fully rolled out.

So: they hid it, didn't tell anyone about it, made it require repeated manual effort, and then cited low adoption as the reason to kill it. That sequence of decisions isn't a product failure. It's a controlled demolition.

The Adoption Argument Is Doing Heavy Lifting

Low adoption is a legitimate reason to retire a feature — when you actually tried to drive adoption. Default-on is how you drive adoption. A notification banner is how you drive adoption. A setting that persists across conversations instead of resetting each time is how you drive adoption. None of those things happened here.

What happened instead is a company that added encryption as an option, ensured that option was as inconvenient as possible to actually use, watched the numbers stay low, and then used those numbers as cover. It's a tidy circle. You could run that playbook on almost any feature you wanted to disappear.

The uncomfortable part isn't even the removal itself. People can debate the tradeoffs between encryption and content moderation, between user privacy and platform responsibility. Those are real tensions and reasonable people land in different places. The uncomfortable part is the framing — the suggestion that users made a choice when the architecture of the product made sure they'd never really have to.

What Meta Can See Now

With encryption gone, Meta can potentially access the content of Instagram DMs. The MacRumors piece notes that this information can be shared with law enforcement agencies worldwide. That's not a hypothetical threat — it's the documented shape of how these systems work when they're not encrypted. Governments make requests. Platforms comply or fight. Without encryption, there's something to hand over.

For most people sending most messages, that probably feels abstract. And for most messages, it probably is. But the people for whom it isn't abstract — journalists, activists, people in countries where the wrong conversation carries real consequences — they were the ones who needed default-on encryption the most. They were also the least likely to find a buried per-conversation toggle.

That's not an accident of product design. That's product design.

The tech industry has spent years trying to make privacy sound like a core value. Sometimes it is. But when the choice comes down to encryption and the ad-targeting model that depends on knowing what people say to each other, the outcome is pretty predictable. Meta didn't remove this feature because users didn't want it. Meta removed it because the feature, if widely adopted, would have worked exactly as intended — and that was the problem.

Privacy as a headline feature and privacy as an operational reality are two different products. Today, one of them got discontinued.