Earlier this month, Meta, the company behind Instagram, Facebook, and WhatsApp, confirmed it would be removing end-to-end encryption (E2EE) from Instagram’s direct messaging feature. While this may appear to be a minor technical update, we spoke to Metro about why we believe users should be taking it seriously.
According to our Chief Information Officer, Kamran Bahdur, the implications are clear: ‘Messages sent via Instagram are not fully as private as you may think. Without encryption, Meta can access, scan, store, and display message content,’ he told Metro. ‘Messages can also be used for AI purposes [to train large language models].
What is end-to-end encryption?
End-to-end encryption (E2EE) is a security measure that ensures a message can be read only by its sender and the person who receives it. This means that the platform used to send and receive the message, and, by extension, the company that operates it, cannot access your message. In 2023, amid growing privacy concerns, Meta introduced end-to-end encryption (E2EE) on Instagram as an opt-in feature, but recently removed the feature, citing low uptake among users as the reason for its removal.
Why does this matter?
Instagram messages are used for a wide range of personal and professional conversations. Many users have reasonably assumed that their messages are private, but following this change, that is no longer the case.
Messages sent between users can be accessed by the platform and may be subject to data processing, storage, and use that users may not have consented to. The content of messages can also be used to train LLMs as platforms invest heavily in AI.
How can you protect your privacy?
The news is a clear signal that users who wish to keep their communication private need to take measures to change their behaviour. Our security experts recommend the following practical steps to ensure your messages remain private.
Be mindful of what you share.
Avoid sharing any confidential information, such as your financial details, passwords, or sensitive personal data, on unencrypted messaging platforms.
Switch platforms for sensitive conversations.
Look for alternative messaging platforms to Instagram that provide E2EE by default, such as WhatsApp Messenger, to ensure your privacy and a more secure service.
Review your Instagram privacy settings.
While encryption is no longer available on the platform, it is worth ensuring your account settings reflect your data-sharing preferences.
Understand how your data is used.
Regularly reviewing Meta’s data policies, which are updated periodically, helps you stay informed about how your data is used.
Ultimately, the removal of E2EE from Instagram is a meaningful change to how user data is handled on the platform, and one that organisations should factor into their broader approach to data security. If your organisation has questions about data security, our team is here to help. Get in touch to find out how FLR Spectron can support you.