End-to-End Encryption Was Removed From Instagram. Should You Care?

You probably weren’t using it anyway (even if you thought you were).

Instagram just killed its encrypted DMs. But here's the real story: most people never had it turned on to begin with. If you care about keeping your conversations private, I'll share which apps I recommend.

Meta made news in recent weeks by announcing that end-to-end encryption would be removed from direct messages (DMs) in Instagram.

Sure, that’s news, but it’s not the news you think it is. The real news is that few people, if any, were using it, even if they thought they were.

TL;DR:

Encryption, privacy, and choice

Instagram dropped end-to-end encryption from its DMs, but most people had never turned it on in the first place. It was opt-in, and hardly anyone opted in. If your messages matter to you, use an app like Signal, where encryption is on by default.

End-to-end encryption

End-to-end encryption means that messages are encrypted at the source and can be decrypted only at the destination. This means only you and the person you’re messaging can read the message. This prevents interception by third parties and prevents Meta, the company providing the service, from being able to read your messages.

Standard encryption (as opposed to end-to-end) typically means encrypting your connection to Instagram so the messages never travel unencrypted on the internet. However, once they reach Meta’s server, they’re decrypted and then re-encrypted before being sent on to the recipient. In this scheme, there’s a window where the message is completely visible to Meta.
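To make the difference concrete, here is a small Node.js sketch of the two models just described. It is an example added here, not code from Meta, Signal, or any other app mentioned on this page. The function names are made up for illustration, the random "hop" keys stand in for the connection encryption between each phone and the server, and the key exchange is a simplified model rather than any real messenger's protocol.

```javascript
// Added example: transport-only encryption vs. end-to-end encryption.
const nodeCrypto = require('node:crypto');

// AES-256-GCM helpers. open() throws if the key is wrong or the data was altered.
function seal(key, text) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, box) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]).toString('utf8');
}

// X25519 key agreement, then HKDF to turn the shared secret into a 32-byte key.
function sharedKey(myPrivate, theirPublic) {
  const secret = nodeCrypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'demo-e2ee', 32));
}

// Model 1: every hop is encrypted, but the server holds the key for each hop.
function transportOnly(message) {
  const aliceHop = nodeCrypto.randomBytes(32); // assumption: stands in for Alice's connection key
  const bobHop = nodeCrypto.randomBytes(32);   // assumption: stands in for Bob's connection key
  const inbound = seal(aliceHop, message);
  const serverSaw = open(aliceHop, inbound);   // the server decrypts: plaintext is visible here
  const outbound = seal(bobHop, serverSaw);    // then re-encrypts for the next hop
  return { serverSaw, bobRead: open(bobHop, outbound) };
}

// Model 2: Alice and Bob derive a key the server never holds; it only relays ciphertext.
function endToEnd(message) {
  const alice = nodeCrypto.generateKeyPairSync('x25519');
  const bob = nodeCrypto.generateKeyPairSync('x25519');
  const server = nodeCrypto.generateKeyPairSync('x25519'); // the server's own key pair
  const relayed = seal(sharedKey(alice.privateKey, bob.publicKey), message);
  let serverSaw = null;
  try {
    // The server can see public keys, but its own private key yields a different secret.
    serverSaw = open(sharedKey(server.privateKey, bob.publicKey), relayed);
  } catch (e) { /* authentication fails: nothing readable */ }
  return { serverSaw, bobRead: open(sharedKey(bob.privateKey, alice.publicKey), relayed) };
}
```

In the first model the server's copy of the message is the full text; in the second it stays `null` while Bob still reads the message.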

Now, on the surface, you might not care, thinking you don’t have anything interesting to say. Meta, Facebook, or Instagram is welcome to examine what you might consider inconsequential conversations.

Some issues worth considering:

  • All of your conversations could be exposed publicly if there were a data breach. This is unlikely, but possible.
  • Not everyone is comfortable with Meta possibly using your conversations to profile you in unknown ways and for unknown purposes.
  • Law enforcement could require Meta to turn over your conversations.

End-to-end encryption solves these issues.


Don’t assume your conversations are encrypted

Most people assume that their conversations are private. They may even have heard that Instagram supported end-to-end encryption and assume that it was turned on.

It wasn’t. In order for end-to-end encryption to be in play, you had to explicitly turn it on. Most people didn’t realize this, so most didn’t turn it on. In turn, Meta removed the feature completely, claiming that it had a low adoption rate.

Here’s the more important story: it’s not enough for end-to-end encryption to be “supported”. It needs to be turned on. Some apps, like Signal, do this. WhatsApp claims to do the same these days (though there may be other privacy-related issues I’ll address in a moment). Text messaging using SMS is not encrypted at all. Its more powerful replacement, RCS text messaging, is in the process of enabling end-to-end encryption, particularly for cross-platform support (Android to and from Apple), but we can’t assume it’s encrypted right now.

If encryption matters to you, make sure you understand how the app you’re using works, and if it’s not to your satisfaction, choose another that does.

Meta recommends WhatsApp

As it decommissioned encrypted DMs in Instagram, Meta recommended you use WhatsApp (another Meta service) instead, which has end-to-end encryption enabled by default.

There are, of course, issues.

  • WhatsApp is owned by Meta. That’s enough to throw many people off.
  • If you’ve enabled backups, those backups are kept unencrypted.
  • Even though they can’t see the contents of your messages, Meta can see who you’re messaging and can associate your Meta/Facebook profile with your conversations.

Of course, if you’re okay with that, WhatsApp probably has the most users of all three services and is likely already being used by many of your contacts.

On the other hand, if those issues concern you — particularly that last one — then an alternative app like Signal, which goes to much greater lengths to know and track as little as possible about you, might be the way to go.

The EFF (Electronic Frontier Foundation) has a good write-up on using WhatsApp securely: How to: Use WhatsApp.

Does this really matter?

The most important message here is this: if you think you are protected by end-to-end encryption in any service, you might not be. You need to check.

Honestly, for most people, most of the time, it may not matter much. Who we’re talking to and what tool they use is often a greater consideration, though it’s still important to keep in mind what we’re sharing in the conversation.

People who should be concerned include journalists, activists, dissidents, anyone sharing a sensitive personal situation (such as discussions about divorce, or anything that could eventually be “discoverable” by attorneys), and anyone sharing genuinely private information.

True end-to-end encryption

For true end-to-end encryption, my recommendation is:

  • Signal. It offers full end-to-end encryption by default. It is open source, nonprofit, and independent of any big tech company. It’s widely regarded as the most trustworthy option. It’s used by journalists and activists the world over.

Other options (note that this is a constantly changing field, so information may change):

  • WhatsApp offers end-to-end encryption, and its enormous user base makes it practical, but it’s owned by Meta.
  • Telegram. This is popular and mentioned often, but end-to-end encryption is used only in “Secret Chats” mode, not in regular chats or group chats.
  • iMessage (Apple) offers end-to-end encryption between Apple devices; it falls back to unencrypted SMS when messaging non-Apple users, though this is changing as RCS interoperability gains traction.
  • Viber uses end-to-end encryption by default for one-on-one messages.
  • Wire uses end-to-end encryption by default. This is a business-oriented service with a smaller user base.
  • Threema uses end-to-end encryption by default. It’s a paid app and doesn’t require a phone number.
  • Session offers end-to-end encryption with no phone number required. There’s no central server, and it has a very small user base.

The catch

Regardless of which tools you use, there’s always a catch. Here, there are at least two.

First, you and the people you want to communicate with must use the same app. If encryption is optional, or only available for some functions, you need to ensure you’re all on the same (encrypted) page.

Second, the app you’re using must be able to decrypt messages in order to display them for you to see. That means you’re trusting the app — and the security of your device overall — not to simultaneously squirrel away a copy of the unencrypted data.

Do this

Unless you’re in one of those groups I mentioned earlier who should use end-to-end encryption, don’t panic. Even if you are, just make certain you’re using the tool that meets your privacy needs. When in doubt, I recommend Signal, but there are others as well. [1]

But above all, understand what protections are provided by the tools you’re using, and act accordingly.


Footnotes & References

1: This is a topic that often spurs vigorous debate in the comments. If you’re curious, comments on the YouTube video should be interesting.

2 comments on “End-to-End Encryption Was Removed From Instagram. Should You Care?”

  1. I prefer to use Signal, but the reality is, 99% of everyone I know uses WhatsApp. WhatsApp is practically the default messaging app in Europe, pretty much replacing SMS, especially for international calls and messaging. I also use Facebook messenger. I can message anyone on Facebook and I don’t need my phone to be online to use it on my computer. Otherwise I use Signal with anyone in my Signal phonebook. Signal adds everyone from my phone’s contacts. Just be careful not to add any journalists to your signal chat.

  2. I have several messaging apps installed: WhatsApp, Telegram, Viber (on my older phones sitting in my junk drawer), and Tox. I installed them because of those friends who only use those apps. The ones I use regularly are Signal, WhatsApp, Facebook messenger, and SMS, depending on what the other person uses.

    I have one paranoid friend who insists on Tox (qTox for computers or Antox for Android). It’s an essential app if you are a tinfoil hat, Antivax, TOR on Linux user.

