John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Two Meta stories dropped this week, and they’re pulling in completely opposite directions.
Story one: Meta’s killing Instagram’s end-to-end encrypted chat feature on May 8, 2026. If you’ve been using E2EE for private conversations, download your data before then or it’s gone. After May 8, Instagram messages won’t have encryption that keeps Meta from reading them.
Story two: Meta removed 10.9 million Facebook and Instagram accounts tied to criminal scam centers in 2025.
Your first instinct might be to write off one as PR cover for the other. That’d be too simple. Both are real, and the tension between them tells you exactly how Meta thinks about security.
What You’re Losing
End-to-end encryption means messages get encrypted on your device and only the recipient can decrypt them. Not Meta. Not advertisers. Not governments with subpoenas (though they can still get metadata). Not hackers who breach Meta’s servers.
The people who relied on this include journalists protecting sources, domestic violence survivors, people in countries with authoritarian governments, and regular folks who think “private” should mean something.
Meta says download instructions are coming. What happens to your data after May 8, whether it sticks around in decrypted form or gets deleted, needs official confirmation before anyone should assume.
And here’s the pointed comparison. WhatsApp keeps E2EE. Meta maintained encryption on the messaging-first platform and yanked it from the social platform where messaging is secondary. The business logic is obvious even if the security outcome is worse for users.
What You’re Getting
10.9 million accounts is a big number, and it matters.
Scam centers are an industrial-scale criminal operation, mostly out of Southeast Asia. The pig butchering schemes, the romance scams, the fake crypto platforms. The people running the scams are often trafficking victims coerced into fraud under threat of violence. The downstream victims lose their savings, their relationships, sometimes their lives.
Removing nearly 11 million accounts in one year is real disruption to networks that genuinely hurt real people. This isn’t moderation theater. These operations use Meta’s platforms as their primary customer acquisition channel, and Meta went after them hard.
The Real Story
Here’s the tension. Meta’s fighting external bad actors aggressively while removing tools that protect users from everyone, including Meta itself, governments, stalkers, and anyone who’d want access to private messages.
Those aren’t equivalent. Scam account removal protects users from fraud. Killing E2EE reduces user control over their own communications. A company can do both and mean both sincerely. That seems to be what’s happening here.
But let’s be clear-eyed about the direction. Meta’s security investment points at threats to Meta’s platform. It’s less interested in threats that require giving up visibility into user data. E2EE is structurally incompatible with data-driven advertising and content-based moderation. The incentive to keep it was always weaker on Instagram than on a pure messaging app where encryption is the selling point.
That’s a business calculation. Not a conspiracy.
What to Do Before May 8
If you use Instagram DMs for anything sensitive, the clock is ticking.
Download your data now: Settings, Your Activity, Download Your Information.
For conversations that actually need privacy going forward, Signal is still the gold standard. WhatsApp works if you need broader adoption and don’t mind staying in Meta’s world. Neither should happen on Instagram after May 8 if privacy matters to you.
The scam account takedown deserves credit. Whether those criminal networks just spin up fresh accounts will tell us more about real impact.
But for the E2EE shutdown: the deadline is real, the data window is limited, and the time to move sensitive conversations is now.