Shadowbanned on Instagram? Here’s why, and what to do.

If there’s one plea I hear more than any other right now, it is from people saying ‘help! I’ve been shadowbanned on Instagram’, and asking what to do.

Unlike the incident earlier this year, where it was only a handful affected, now it seems to be much more widespread – and affecting a greater range of accounts. Just what is going on?

What exactly is the Instagram ‘shadowban’?

A ‘shadowban’ is a name for a way of limiting a user’s visibility on a website without them being able to tell it’s happened. It came about on forums like Reddit, where persistent trolls would just spring back up if turfed out with a straightforward, traditional ban. Shadowbanning lets a user feel like they’re still posting, but protects everyone else from having to see those posts. On Instagram, this means your posts remain visible to your followers, and anyone who visits your page directly – but that your content (i.e. gallery posts and Story posts) is not promoted under hashtags, on Explore, in the search function or under location pages. As a result, you’re likely to see a drop in engagement and growth, as your visibility rapidly declines. 

How do I know if I’ve been shadowbanned?

The first sign is usually an unusually sharp drop in engagement, from one post to the next.
The only way to tell for sure is to then go and look for your posts using an account that does not follow you. You’ll need to log in to a different account, or ask a friend to unfollow you and check – the easiest way is to add a small, specific hashtag to your most recent posts, and ask a non-following person to look under that tag to see if your post is there.
There’s a website around that promises to check for you just using your username – it’s a complete sham, and does nothing of the sort. All it actually does is check if your hashtags are entered in the caption or not – completely useless, given that this has no bearing at all on being shadowbanned, or whether your post will display for others. So check manually, and ignore everything else.
A shadowban is linked to an individual user’s IP and/or device, meaning any other accounts you create or possess at that time are most likely to be affected also.

Why are Instagram doing this?

Instagram clearly stated after the initial problems in the summer that this so-called shadowbanning is ‘intentional functionality’ – meaning, they coded it to work this way. It’s designed to protect their core user base from seeing questionable, spammy or inappropriate content – by hiding posts from any account they’re unsure about from a wider discovery network. This is in line with their other steps to improve their corporate responsibility to their users, safeguarding their predominantly young audience from seeing extreme, violent or offensive content wherever possible. It’s a good thing, overall.

But why is it affecting me? I’m not spam!

The main reason that regular users are getting caught up seems to be down to data leaks and increased security at Instagram. A few weeks back we saw a major API flaw exploited and thousands of users’ usernames, email addresses and phone numbers compromised. No passwords were taken, but as a precaution Instagram asked affected users to re-confirm their account details, and for a two-week period following, they found their accounts had been ‘shadowbanned’.
Think of it a little like when your bank suspects fraudulent activity on your account. They usually will suspend your card until an operative can speak to you personally and confirm the transactions. In Instagram’s case, their user base is too huge for this to be humanly practical, so they have an automated two-step process for checking accounts are legit. First you confirm, then for two weeks you’re hidden, and perhaps lightly monitored, before being re-introduced to the wider app.

Since the initial data leak, it seems Instagram (and Facebook, as they’re one and the same) are taking steps to check the integrity of more users’ accounts – likely by checking in on dark web databases offering to sell user information. Some users are being notified that scans have detected their accounts on other social networks have been compromised, or that their passwords have been shared. In other cases, users have no indication anything has happened – but it’s likely that Instagram have found reason elsewhere to take steps to protect their account.

There’s also some evidence that use of apps that Instagram deems as violating their terms of use can cause a Shadowban too – specifically, anything used for automating likes, comments or followings, and any tracking app that can tell you the usernames of people who’ve unfollowed you. Apps that simply tell you numbers of unfollowers are fine – it’s specifically apps that identify who they are that are now against the Terms of Use.

Isn’t this overkill? All just to stop a bit of spam?

Honestly, it does seem a little extreme – which then got me thinking. Instagram/Facebook are a business like any other and are unlikely to be investing in this tech – and upsetting their user base – without good reason.
Perhaps it’s simply a response to a changing digital landscape, and tougher repercussions for social media platforms that don’t safeguard their users. But to me and my analytical mind, it feels like it’s about safeguarding against a wider attack – a mass hack by, for example, political or religious extremists, who take control of a large number of accounts and flood the platform with dangerous material. The scope of this recent data leak, and the subsequent availability of that data for sale in the dark corners of the internet, make clear the ease with which this could be achieved. 
Imagine the impact of these hundreds of thousands of accounts, some of them belonging to influential or Verified users, all sharing extremist or propaganda messaging, to a largely young and vulnerable audience. Limiting the visibility and spread of that content would be an entirely appropriate concern.

So what will happen to my account now? What can I do to fix this?

The first thing to note is that it’s almost never permanent – in most cases, especially where it’s in response to a possible data leak, it lasts exactly 14 days, to the hour. If you were asked to enter a verification code or confirm your identity, it will be 14 days from the time you responded to this request.
While you’re under the ‘ban’, it seems sensible to take some basic steps to ensure your account isn’t flagging for any additional spam markers, in case Instagram is more closely scrutinising users during this ring-fenced period. We’ve no evidence this is happening – it just seems likely, or at least possible, and in my opinion, it’s a worthwhile step.

To ensure you’re giving clear ‘real person, not a spammer’ indicators:

Do:

Keep engaging, chatting, and using the platform in normal, casual ways.
Keep posting, if you can bear it with the rubbish engagement.
Remove permissions for any dodgy apps or third-party services you’ve signed into before.

Don’t:

Make sudden changes to your user info, bio, email address etc during this period.
Mass-like, mass comment or go on a following or unfollowing spree.
Over-use hashtags or comment pods to try and boost your engagement.
Write comments or captions that contain likely trigger words, e.g. relating to sex and drugs.

Honestly, that’s good advice for Instagram all the time. They’re only going to get tougher on users who try to exploit the system in the long run.

What if it doesn’t lift after 14 days?

There are a couple of possibilities here – and bear in mind this answer is largely conjecture on my part.
Some accounts may be ring-fenced in the ‘shadowban’ safe zone for a longer period of time, after a more serious hacking attempt or breach. 28 days, for example, might be an automatic setting in these instances, instead of the standard 14.
A handful of users have found that after confirming their data, their account never returns, or that it remains permanently shadowbanned. So far I’ve only seen instances of this where the user in question had been heavily gaming the system prior to the incident – that is, botting, mass use of comment pods, spamming with comments and likes. It’s worth remembering that all these so-called ‘strategies’ are against Instagram’s terms of use in one way or another, and therefore they’re perfectly within their rights to suspend or limit accounts partaking in them. It might be that an account was only noticed due to a data breach, but unfortunately at that point it was seen to be using a number of shady strategies, and became permanently labelled as spam.

If you genuinely believe your account has been permanently affected in error, and the initial 14 days or 28 days have passed, you can reach out to Instagram help for further guidance. In my experience it’s tough to get a response, as the channels are routinely flooded by people with gripes and requests, and the team is unable to respond to everyone. Increase your chances of a response by being clear, concise and professional, and avoiding emotional language or attributing blame. Be aware that many Instagram staff will know nothing of any of this technology, and may not have direct authority to do anything to help.

I’ve not been affected yet. Is there anything I can do to safeguard it from happening to me?

Yes! Here’s a quick list:

1. First up, check your IG and FB passwords are solid, and turn on 2-step authentication using a phone number. 

2. Consider having a platform-specific email address, that you use for nothing else. If you include an email address in your Instagram bio, make sure this is different to the one you are registered with. Don’t make it easy for spammers to guess your login credentials.

3. Apply these same rules to the other social media platforms and websites you regularly visit – don’t reuse passwords from your big social media accounts on shopping sites and small internet forums. 

4. In the Instagram app, check which third-party applications you’ve given permissions to, and delete as many as possible. Keep only those that you know, trust, and need to regularly use. 

5. Avoid engaging in any spam-like behaviour, such as mass liking, leaving short, duplicate comments, or regularly using keywords that are likely to flag as questionable.

6. Be diligent and careful whenever responding to an email claiming to be from Instagram, Facebook or any other social platform. Instagram will not email you ahead of Verifying your account with a blue tick, for example, or to ask you to enter your password. If you’ve followed step 2, you’ll find that you can tell the real emails from the fake phishing ones, because the fakes go to your public email address, but it still pays to be careful regardless.

Does this match your experience of the ‘shadowban’? Does anyone have questions I haven’t yet answered above?

This post supersedes and replaces the ideas shared in my initial post around shadowbanning, written when the function first emerged.