CybersecurityPrivacy & Surveillance

Meta Reverses Instagram Encryption Stance

Analyst 207||Source: TheRegister
Smartphone screen with blurred chat interface on a neutral desk background.

Direct messages on Instagram are now stored and transmitted in plaintext, a reversal of the company's previous insistence that end-to-end encryption was the platform's future — a change The Register framed bluntly as a decision that "handed [Meta] full visibility into user chats once again."

Meta reverses Instagram encryption plan

The Register reported that Meta has abandoned its prior push to put end-to-end encryption (E2EE) at the center of Instagram messaging. The reporting describes a clear shift: Instagram DMs are no longer being protected by the E2EE model the company had promoted for years. The piece uses the nickname "Zuckcorp" when describing the company and states that this step restores the firm's ability to read user conversations.

From end-to-end encryption to plaintext DMs

The change as reported replaces the previously promised or pursued E2EE architecture for Instagram direct messages with plaintext handling. The Register's coverage frames that shift as a U-turn: after years of public messaging that E2EE represented "the future of online comms," Instagram messaging has moved back to a state in which the platform itself can see message contents. The language in the piece is direct: DMs "go plaintext."

What "full visibility into user chats" means, as reported

According to The Register's description, the practical outcome of the reversal is that the company once again has the ability to access the contents of private chats on Instagram. The headline and subline link the technical status of messages — plaintext versus E2EE — directly to the operational capability of the firm to inspect or process those messages. The Register's framing emphasizes the contrast between the company’s prior public position on encryption and the current technical posture.

How end users, technologists, and policymakers are implicated

  • End users: The Register’s report places user-facing privacy at the center of the story by noting the rollback of end-to-end encryption. That change, as described, alters who can read the contents of Instagram DMs: the platform itself now has visibility that E2EE would have prevented.
  • Technologists and security teams: For those building or defending messaging systems, The Register highlights a substantive architectural switch — from an E2EE model to plaintext handling — which shifts where message processing and access occur and which entity holds readable copies of communications.
  • Policymakers and regulators: The piece frames the move as a reversal of a long-stated company position, which bears on public expectations and scrutiny. The Register’s account underscores a change in practice that may factor into regulatory or oversight conversations because it changes how private communications are handled at the platform level.

A pointed observation

The Register frames the episode as more than a technical tweak: it is a repudiation of a long-promised direction. The reporting contrasts a period in which Meta publicly favored end-to-end encryption with the present state in which Instagram direct messages are plaintext and the company — described in the piece as "Zuckcorp" — once again has full visibility into those conversations. That contrast is the central factual throughline the source supplies.

Original story

Data ProtectionEmerging ThreatsMetaPrivacySurveillanceEnd-to-End EncryptionInstagramPlaintextMessaging Security
Related Intelligence

Continue Reading

Modern software development setting with a laptop displaying a graphical interface on a neutral surface.

Microsoft Fixes AutoGen Studio Flaw That Enabled Code Execution

Microsoft swiftly squashed a potential code execution flaw in AutoGen Studio, ensuring the vulnerable code never made it to users via a PyPI release. The fix addressed a sneaky three-part vulnerability chain, dubbed AutoJack, that could have been exploited to run malicious code.

Analyst 207
Professional surrounded by technology and learning materials in a bright room.

Cybersecurity Readiness Revolution Gains Momentum

The traditional cybersecurity certification approach is no longer enough - we need a culture of lifelong learning where professionals continually upskill and reskill to stay ahead of evolving threats. Dan Magnotta, Senior Federal Business Development Manager at Hack The Box, is leading the charge towards an active-readiness revolution.

Analyst 207
Rows of computer servers and storage equipment in a brightly-lit data center or server room.

Dify Vulnerabilities Expose AI Chats Across Tenants

Researchers have uncovered four critical vulnerabilities in Dify, a popular AI platform with over 146,000 GitHub stars, that could allow attackers to read sensitive AI conversations across different customer applications without needing authentication. These flaws, collectively known as DifyTap, expose a broad attack surface due to Dify's default multi-tenant setup.

Analyst 207
Technicians work in a dimly lit server room with rows of racked equipment.

Squid Proxy Bug Exposes Cleartext HTTP Requests

A newly discovered bug, dubbed Squidbleed, has been found in the popular Squid web proxy, allowing attackers to intercept sensitive HTTP requests and steal valuable credentials. This 20-year-old vulnerability, traced back to a 1997 FTP-parsing change, still affects Squid's default configuration.

Analyst 207