Who will be able to see my Instagram messages after the change?

After the change, Meta, your ISP, government agencies, and anyone monitoring your local network, such as a public Wi-Fi operator, could potentially access your Instagram DMs.

What does end-to-end encryption actually mean?

End-to-end encryption means only the sender and recipient can read a message, so not the platform, ISP, or anyone intercepting traffic in between can access it.

Can a VPN prevent Meta from reading my Instagram messages?

No, a VPN cannot stop Meta from reading your Instagram DMs because once a message reaches Meta's servers, Meta has access to it regardless of VPN use.

What protection does a VPN still offer after this change?

A VPN can protect your data in transit by preventing your ISP from seeing your activity and stopping anyone on a public Wi-Fi network from intercepting your data, while also masking your real IP address.

Instagram Is Dropping Encryption: What You Need to Know

Meta is removing end-to-end encryption from Instagram direct messages starting May 8. If you use Instagram to share anything personal, from private conversations to sensitive photos, this change matters. Your messages will now be visible to Meta, internet service providers, and potentially government agencies. Understanding what you lose, and what you can still protect, is the first step toward keeping your data your own.

What End-to-End Encryption Actually Does

End-to-end encryption (E2EE) means that only the sender and recipient can read a message. Not the platform, not your ISP, not anyone intercepting traffic in between. When it works properly, even the company running the service cannot read what you send.

When Meta removes this protection from Instagram DMs, your messages will travel across the internet in a form that Meta can read, store, and potentially share with third parties or law enforcement upon request. It also means the data passing between your device and Meta's servers becomes more exposed to anyone monitoring your network connection, including your ISP.

This is not a minor tweak to Instagram's settings. It is a meaningful rollback of a privacy protection that many users may not have realized they had.

Who Can See Your Messages After May 8

Once end-to-end encryption is gone, the list of parties with potential access to your Instagram DMs grows significantly:

Meta itself can read message content, which feeds into its advertising and data profiling operations.
Your ISP can see unencrypted traffic passing through its network, depending on how the data is transmitted.
Government agencies can request message data directly from Meta or potentially intercept unencrypted traffic at the network level.
Anyone on your local network, such as a public Wi-Fi operator, could also be positioned to observe unencrypted data in transit.

This is the surveillance ecosystem that expands every time a major platform quietly downgrades its privacy standards.

What a VPN Can (and Cannot) Do Here

It is worth being direct about this: a VPN cannot stop Meta from reading your Instagram DMs. Once your message reaches Meta's servers, Meta has access to it. That is a platform-level issue, not a network-level one.

What a VPN does do is protect the journey your data takes before it gets there. When you connect through a VPN, your internet traffic is encrypted between your device and the VPN server. This means:

Your ISP cannot see that you are using Instagram or read the content of unencrypted traffic leaving your device.
Anyone monitoring a public Wi-Fi network cannot intercept your data in transit.
Your real IP address is masked, making it harder to build a profile of your browsing and communication habits based on network-level surveillance.

In a world where platforms are stripping back their own encryption, the network layer becomes a more important line of defense. A VPN fills a gap that Meta has chosen to leave open.

What This Means For You

If you use Instagram casually to share memes or comment on posts, this change may feel abstract. But if you use DMs to share anything you consider private, whether that is personal conversations, financial information, or communications related to work, the calculus has changed.

A few practical steps worth considering:

Move sensitive conversations to apps that still offer true end-to-end encryption, such as Signal. Instagram DMs were never the gold standard for private communication, and they are now less secure than before.
Use a VPN on networks you do not control, especially public Wi-Fi in cafes, airports, or hotels. This protects your traffic regardless of what any individual app does with encryption.
Review what you share in DMs going forward. Treat Instagram messages more like email: potentially readable by the platform and subject to data requests.

Meta's decision is a reminder that privacy on any platform is conditional. Companies can change their policies, and when they do, users are often the last to know.

Keeping Control in a Shrinking Privacy Environment

Instagram's encryption rollback is unlikely to be the last move of its kind. Platforms regularly balance user privacy against business interests, and encryption makes data harder to monetize. The trend toward weaker platform-level privacy protections makes network-level privacy tools more important, not less.

A VPN like hide.me keeps your internet traffic encrypted and your ISP in the dark, regardless of what decisions app developers make on your behalf. It is not a complete solution to the Instagram situation, but it is a meaningful one for the parts of the problem that are still within your control. If you have been thinking about adding a VPN to your privacy setup, a major platform dropping encryption is a reasonable moment to stop putting it off.

You can also learn more about how encryption works and why public Wi-Fi puts your data at risk to get a fuller picture of how to protect yourself online.