On May 8, 2026, Meta removed end-to-end encryption from Instagram Direct Messages, a significant shift occurring as the company simultaneously introduced new "Incognito Chat" privacy features for its Meta AI assistant within WhatsApp. This dual approach creates a confusing picture for users attempting to understand their digital privacy.

WhatsApp now promotes a new Incognito Chat mode for Meta AI, built on a system called Private Processing. WhatsApp's announcement calls Incognito Chat "Truly private — no one can read your conversation, not even us." When initiated, these chats create temporary conversations where messages are not saved and disappear by default. Meta describes this as a space "to think and explore ideas without anyone watching." BBC News confirmed these AI chats are text-only and operate in a sandboxed environment, separate from standard end-to-end encrypted messaging with other people on WhatsApp. Meta also prepares "Side Chat," allowing Meta AI invocation inside other WhatsApp chats, using this Private Processing infrastructure to claim AI assistance without breaking underlying encryption.

This contrasts sharply with Instagram's decision to eliminate optional end-to-end encryption for Direct Messages. Users who had previously enabled the feature received notices stating that "end-to-end encrypted messaging on Instagram is no longer supported as of 8 May 2026." They were prompted to download backups of their encrypted conversations before the cutoff date. End-to-end encryption ensures only the sender and recipient can read their exchanges. Instagram had offered this as an opt-in feature since late 2023, but it remained buried deep within individual conversation settings and was never enabled by default.

Meta explained the shutdown by citing low adoption rates, claiming "very few people" used encrypted DMs and that maintaining a separate encrypted system added complexity. Critics quickly pointed out the circular logic. The company had hidden the feature and never advertised it. Now, it uses the resulting low adoption as a reason to discontinue it, rather than making it more accessible or turning it on by default.

From a user's perspective, the result is complex. One Meta product now introduces stronger privacy for AI chats, while another removes a feature that genuinely prevented Meta from accessing private conversations. "Incognito" and "private" function as marketing terms, but end-to-end encryption stands as a technical guarantee. For users concerned with security, this split means not all Meta chats offer the same level of protection.

WhatsApp continues to offer end-to-end encryption for person-to-person messages and adds optional privacy features around its AI. Instagram DMs, however, should now be considered readable by Meta and potentially accessible to law enforcement, advertisers, or attackers who gain entry to Meta's systems. The privacy risks associated with AI chats have also become apparent, with conversations appearing in search results unexpectedly and lawsuits arising from undesirable AI-generated outcomes.

Users should treat Instagram DMs with minimal privacy expectations. Assume Meta can read and scan messages, and that content might be accessed under legal orders or during a data breach. Do not send sensitive information like passwords, recovery codes, banking details, or compromising photos over Instagram. When asked to move a conversation to Signal, WhatsApp, or another end-to-end encrypted messenger, consider the reason. It makes sense for financial details, personal images, or health information. But scammers also favor encrypted platforms because they are harder to monitor. Do not confuse "incognito" AI chats with full end-to-end encryption. WhatsApp's Incognito mode for Meta AI improves privacy over standard cloud AI chats, but it remains a conversation with a large language model owned by the same company that runs the platform. Share only what you are comfortable entrusting to Meta. Regularly review your privacy and security settings, check logged-in devices, and enable two-factor authentication on all critical accounts.