Instagram on Friday switched off the default end-to-end encryption it rolled out to direct messages in 2023, in what the company described in a short blog post as a "platform safety evolution" and what cryptographers, privacy regulators, and more or less everyone who has used the word "encryption" in a sentence called by its correct name: a U-turn.

The decision reverses three years of engineering work. When Meta CEO Mark Zuckerberg first announced the rollout of end-to-end encryption across Messenger and Instagram DMs in late 2023, he framed it as the single largest privacy upgrade in the history of social messaging. A billion conversations a day, the company said at the time, would become readable only by the two people actually having them. On Friday, that commitment became a footnote.

What changed, in plain language

As of Friday, new Instagram direct messages are no longer encrypted end-to-end by default. Existing encrypted threads will remain readable only to their participants, but any new thread opened today reverts to Meta's older server-side model — meaning Meta itself, operating the platform, can now read the plaintext of messages in transit and at rest. Users can still manually opt into an end-to-end-encrypted thread via a setting, but the default is off, and the setting is two menus deep.

The company's stated reason, in the blog post, is "child-safety and scaled-harm detection." That justification is not new. What is new is the unstated reason every AI researcher in the Valley brought up within an hour of the announcement: Meta's newest Llama-family models, which the company is betting the next product cycle on, cannot be trained on or meaningfully applied to conversations they cannot read. Encrypted DMs are a black hole for content moderation, and they are also a black hole for model improvement.

The regulators react

The UK's Information Commissioner's Office called the move "a significant retrograde step for the privacy rights of millions of British users" in a statement Friday afternoon. The Irish Data Protection Commission, which supervises Meta's European operations under GDPR, said it was "seeking urgent clarification" — the phrase Irish regulators use when they are about to open a formal inquiry. In the United States, Senator Ron Wyden, one of the most reliable congressional critics of Meta's privacy record, called the decision "a gift to every authoritarian government on Earth."

Cryptographer Matthew Green, of Johns Hopkins, was more technical and more blunt on X: "They spent three years convincing users end-to-end encryption was the floor. Today they made it the ceiling, and the ceiling is optional."

What this means for the Meta AI strategy

The quiet context, for anyone watching Zuckerberg's year, is that Meta has been increasingly public about wanting to train its frontier models on what internal slides reportedly call "the world's largest conversational corpus." That phrase refers to the trillions of messages and posts Meta's platforms generate each week. Encrypted DMs have been, since 2023, the one major Meta data source that was legally and technically out of reach. Turning encryption off by default solves that problem in a single product decision, and it does so under the cover of the child-safety language that has the most bipartisan political support.

Our take

This is not a content-moderation decision. This is a training-data decision wearing a content-moderation costume. Meta needs the messages because its AI road map needs the messages, and Friday's policy change is the quietest, most deniable way to get them. The remarkable thing is not that Meta did this. It is that Meta did this on the same day a hantavirus cruise ship, a collapsed Victory Day ceasefire, and a hotter-than-expected US jobs report were all competing for headlines. That was not an accident either.