> The response: "we'll just try to have an alert pop up that tells you the server is reading your messages".
First, they have not said they will add alerts, they say that such alerts are already there. Second, they did admit that the current situation can be improved, and have said they will add cryptographic signatures to membership events in the future. To my reading that would be precisely what the researchers were missing, aka if new folks show up, even with support of the homeserver, they still need to present a signed invite from one of the group members to be given the keys.
First, they have not said they will add alerts, they say that such alerts are already there. Second, they did admit that the current situation can be improved, and have said they will add cryptographic signatures to membership events in the future. To my reading that would be precisely what the researchers were missing, aka if new folks show up, even with support of the homeserver, they still need to present a signed invite from one of the group members to be given the keys.