Last month, Meta announced that it would terminate the end-to-end encryption (E2EE) feature for Instagram DMs on May 8.
I don’t personally use Instagram DMs, but given its massive user base, I expected at least some outcry. Instead, beyond the usual voices from “privacy hardliners” like Proton and Mozilla, there hasn’t even been a ripple on social media. I couldn’t find a single complaint, let alone any talk of a boycott.
I’m not just talking about a lack of discussion within my own echo chamber or the algorithm failing to show it to me. Even when I deliberately searched for it, I found nothing in the Chinese-speaking world. Not only were there no search results, but I actually found many older videos teaching people how to turn off end-to-end encryption.
While my view on privacy remains unchanged, I must admit I’ve had to reflect: Meta is simply satisfying human nature and providing exactly what users want. However, after that reflection, the work of public outreach must continue to ensure that user choices are made out of free will, rather than ignorance or information asymmetry.
Encrypted for everyone… except me
First, let’s re-explain the concept. End-to-end encryption, as the name suggests, means that a message is encrypted throughout its journey from the sender to the receiver. In other words, only the sender and the receiver can read it. The intermediaries responsible for passing the message—including Meta itself—cannot read the content.
The concept of E2EE is easy to understand, but many people are confused about which communication tools actually use it and which do not. The classic example is Telegram. It enjoys a very positive image as a highly private messenger, but in fact its general chats, which make up the vast majority, do not have E2EE.
In most cases, when a service like Telegram is not end-to-end encrypted, it’s not that the service isn’t encrypted at all, but rather that the encryption method isn’t end-to-end. It’s “encrypted for everyone, except for me [the service provider].” This is the case for Telegram, for WeChat, and soon, it will be the case for Instagram as well. Many people choose to believe that Telegram will defend user privacy. But what about Tencent? What about Meta?
People who believe Telegram is very private are trusting that Telegram won’t—not that it can’t—decrypt their messages. I don’t question the integrity of Telegram’s founder or its team. The problem is that we cannot rely on the “backbone” of specific individuals to protect user privacy. Any company or organization registered in any country has a legal obligation to cooperate when law enforcement or courts demand it. Even if a founder stands firm, doing so puts them in personal danger. Furthermore, when a company holds the keys to decrypt user messages, those keys could leak due to procedural errors, hacking, or various other reasons.
Regardless of how reliable a founder is, server-side encryption is inherently a bad design. To truly protect user privacy, communication tools must provide end-to-end encryption, and it must be the default.
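The difference between the two designs comes down to who holds the decryption key. The sketch below is an added example, not code from this post or from any of the services named. It uses toy primitives from the Python standard library (a small Diffie-Hellman group and a SHA-256 keystream, both assumptions chosen for brevity), and all function names are hypothetical.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # toy Diffie-Hellman group, chosen for brevity (assumption)

def _stream(key, nonce, data):
    # SHA-256 in counter mode as a stand-in stream cipher (illustration only)
    pad = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(key, msg):
    nonce = secrets.token_bytes(16)
    ct = _stream(key, nonce, msg)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None  # wrong key or tampered blob
    return _stream(key, nonce, ct)

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def server_side(msg):
    """Provider-held key: storage is encrypted, yet the provider can read it."""
    provider_key = secrets.token_bytes(32)   # generated and kept by the provider
    stored = seal(provider_key, msg)         # what sits in the provider's database
    return {"provider_reads": unseal(provider_key, stored), "stored": stored}

def end_to_end(msg):
    """Keys exist only on the two devices; the provider relays ciphertext."""
    provider_key = secrets.token_bytes(32)   # the provider's own key is useless here
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()             # only a_pub and b_pub cross the provider
    stored = seal(dh_shared(a_priv, b_pub), msg)
    # Passive relay only: real apps also let users verify each other's public keys.
    return {"provider_reads": unseal(provider_key, stored),
            "bob_reads": unseal(dh_shared(b_priv, a_pub), stored), "stored": stored}
```

In both cases the stored blob is ciphertext; only in `server_side` does the party storing it also hold the key that opens it.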
From the F8 Vision to Removing Encryption
Here’s a joke. In 2019, at the Facebook developer conference F8, Mark Zuckerberg gave a grand speech declaring “The future is private.” He later published a long article titled “A Privacy-Focused Vision for Social Networking,” stating, “I believe the future of communication will increasingly shift to private, encrypted services” and “End-to-end encryption prevents anyone—including us—from seeing what people share.” And so on.
If you took that seriously, you’ve already lost.
Meta’s official reason for turning off E2EE for Instagram DMs is that the feature’s usage rate is extremely low. To be honest, I believe it’s a fact that few people use it, but this is a case of confusing cause and effect. Precisely because Instagram (and Telegram) do not have E2EE as the default, and users have to manually enable the option for specific chats, the usage rate is low. When Meta wants to push Reels or ads, they find every possible way to get them in front of users. Do they really lack the ability to make E2EE the default for Instagram DMs? In the end, it’s not that users chose not to encrypt; it’s that Meta designed it so that users couldn’t encrypt conveniently. Offering the option in 2023 was just a token gesture to appease “privacy buffs.” Packaging the termination of E2EE as a “user choice” is pure PR.
“Defaults” are an incredibly powerful force, especially in internet products. Even if a setting can be changed with a single click, the extra operational and cognitive cost means that 90% of users will stick with the default. In the 90s, Netscape once had over 90% market share. Later, Microsoft made its browser the “default” by bundling Internet Explorer, flipping the entire market share. This triggered the largest antitrust investigation in US history. If Microsoft had explained in court that they only “defaulted” to Internet Explorer and users were free to switch to Netscape, the judge likely wouldn’t have bought it.
So, what is Meta’s true goal? I believe it is twofold: first, to satisfy the desires of various governments, and second (and more importantly), to obtain more data to train AI and for precision ad targeting. In an era where Large Language Models are extremely hungry for data, every private message is no longer just communication to Meta—it’s free “labeled data.” By terminating E2EE, Meta is essentially incorporating users’ private conversations into its “digital oil refinery.”
Anti-climax: If the product is free…
Having written over a thousand words, it might seem like I’m just here to bash Meta. But here is the anti-climax: to deal with governments and train AI, Meta’s termination of E2EE is actually understandable—one might even say perfectly reasonable. R&D, servers, and bandwidth all cost money. Yet, the moment a service charges a fee, users flee. If they don’t use your data to make money, are they supposed to run on “the power of love”?
Furthermore, Signal, and even Meta-owned WhatsApp and Messenger, all have E2EE as the default. Signal even avoids storing user metadata and protects user privacy in every detail, and these tools are all free. If there are so many choices right in front of them and users still run to Instagram DMs, WeChat, or Telegram, clearly not caring about their own privacy, then what right do we have to blame a profit-driven tech enterprise for “creating value for shareholders”?
At the end of the day, most people only care about what is free, convenient, efficient, and has network effects. If privacy even makes it as a “fifth element,” that is already not bad. This is the choice of the mainstream user. What “privacy buffs” can do is not to shout louder at tech companies, but to work harder on discourse and public education.
POLL: Telegram does not use E2EE by default…
- I’ve known that for a long time.
- I’ve been mistaken this whole time; I had no idea.
- Impossible, you must be wrong.
- Doesn’t matter, I still trust Telegram.
- End-to-end encryption?! I don’t fxxking care.
P.S. I thought the topic of the last issue, “The price of privacy? HK$100k and 1 year in prison.”, was very important and the content was decent. As it turns out, the open rate was only 23.4%, the lowest in over a year. Does this happen to prove exactly what I was saying?

