I assume users must still be able to send messages from different devices, just by entering their login data into a new Messenger client.
According to their paper, they are doing client fan-out:
"Messenger uses this "client-fanout" approach for transmitting messages to multiple devices, where the Messenger client transmits a single message `N` number of times to `N` number of different devices. Each message is individually encrypted using the established pairwise encryption session with each device."
This means the system is only as secure as its client registration protocol. They don't write a lot about it:
"At registration time, a Messenger client transmits its public Identity Key, public Signed Pre Key (with its signature), and a batch of public One-Time Pre Keys to the server. The Messenger server stores these public keys associated with the user's device specific identifier. This facilitates offline session establishment between two devices when one device is offline."
If I interpret this correctly, the server can, at any time it desires, silently add new clients. Those devices will receive all messages directed at that user, and will be able to decrypt them.
I guess that's in line with their bla-bla about setting user expectations:
"Our focus is on determining the appropriate boundaries, ensuring that we remain true to our commitments, setting the correct user expectations, and avoiding creating meaningful privacy risks, while still ensuring that the product retains its usefulness to our users."
Don't forget, their commitments are making profit and exploiting user data.
This sounds similar to what Apple's iMessage does as well. Ultimately, if the user cannot check which devices their client is sending messages to, then yes, the central server can tell clients to establish a pair with a hostile device the central server controls.
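The two points above (client fan-out encrypts one copy per device in the server-supplied list, and the sender has no way to notice a device the server added) can be modelled in a few dozen lines. The following is an added example written for this thread, not code from the whitepaper or from Messenger: the "pairwise session" is a toy stand-in (a key hashed from both identity public keys) rather than a real X3DH/Double Ratchet session, and the `Server`, `Device`, `pin` flag and `UnverifiedDeviceError` are constructed names. The only real content is the bookkeeping: a client that pins a peer's device list on first contact and refuses to fan out to a device it has never approved, versus one that trusts the directory blindly.

```python
"""Toy model of client fan-out with a server-controlled device directory.

Constructed example. The 'session' here is NOT a secure key agreement;
only the fan-out logic and the device-list pinning check are the point.
"""
import hashlib
import os


class UnverifiedDeviceError(Exception):
    """Raised when a peer's device list contains a device we never approved."""


class Server:
    """Key directory: maps each user to {device_id: identity_pub}."""

    def __init__(self):
        self.directory = {}

    def register_device(self, user, device_id, identity_pub):
        # Nothing here requires the user's consent; the server owns the list.
        self.directory.setdefault(user, {})[device_id] = identity_pub

    def fetch_bundle(self, user):
        return dict(self.directory.get(user, {}))


def session_key(pub_a, pub_b):
    # Toy stand-in for the pairwise session secret (symmetric in a/b by sorting).
    lo, hi = sorted((pub_a, pub_b))
    return hashlib.sha256(b"toy-session" + lo + hi).digest()


def xor_stream(key, nonce, data):
    # SHA-256 in counter mode as a keystream; toy cipher, not for real use.
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out.extend(hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def encrypt(key, plaintext):
    nonce = os.urandom(16)
    return nonce + xor_stream(key, nonce, plaintext)


def decrypt(key, blob):
    return xor_stream(key, blob[:16], blob[16:])


class Device:
    def __init__(self, user, device_id, server):
        self.user, self.device_id, self.server = user, device_id, server
        self.identity_pub = os.urandom(32)  # stand-in for the public Identity Key
        self.pinned = {}                     # peer -> set of approved device ids
        self.inbox = []
        server.register_device(user, device_id, self.identity_pub)

    def send(self, peer, plaintext, pin=True):
        bundle = self.server.fetch_bundle(peer)
        if pin:
            # Trust-on-first-use: pin whatever list we saw first. This only
            # catches devices added later; the first list is still unverified.
            approved = self.pinned.setdefault(peer, set(bundle))
            unknown = set(bundle) - approved
            if unknown:
                raise UnverifiedDeviceError(sorted(unknown))
        # Client fan-out: one ciphertext per device in the bundle.
        return {dev: encrypt(session_key(self.identity_pub, pub), plaintext)
                for dev, pub in bundle.items()}

    def receive(self, sender_pub, blob):
        self.inbox.append(decrypt(session_key(self.identity_pub, sender_pub), blob))


def demo():
    server = Server()
    alice = Device("alice", "alice-phone", server)
    Device("bob", "bob-phone", server)

    # First contact: alice pins bob's current device list.
    first = alice.send("bob", b"hello bob")

    # The server adds a device to bob's list on its own.
    rogue = Device("bob", "bob-rogue", server)

    # With pinning, the next send is refused and the new device id is reported.
    try:
        alice.send("bob", b"second message")
        flagged = None
    except UnverifiedDeviceError as err:
        flagged = err.args[0]

    # Without pinning, the added device simply gets its own readable copy.
    blind = alice.send("bob", b"second message", pin=False)
    rogue.receive(alice.identity_pub, blind["bob-rogue"])
    return {"first": sorted(first), "flagged": flagged,
            "fanout_size": len(blind), "rogue_read": rogue.inbox[0]}


if __name__ == "__main__":
    print(demo())
```

The pinning check is deliberately the weakest useful form: it only notices a device that appears after first contact, so a directory that was already wrong when the conversation started goes unflagged. A client that wants to do better has to show the device list to the user or compare it against something verified out of band, which is exactly the capability the comment above says users do not have.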