by baby 3084 days ago
1. when you create a joining link, it creates a secret uuid

2. this uuid is shared with the rest of the group

3. if Alice joins the group, every uuid created is shared to Alice (except the one Alice used, if Alice used a joining link)

4. when Bob attempts to join the group via the group id, if Bob does not have a known code Bob is refused

5. if Bob uses a known code, Bob is accepted and everyone deletes the code

This does not prevent different participant views from being created, but this is already a problem in WA anyway.

1 comments

(a) it means each code can only be redeemed once, which is a bit of a usability hit (b) it still doesn't stop a malicious server, which can try to MITM the group join and proxy messages to the client.

If this is a usability problem then remove this line:

> and everyone deletes the code

I'm not sure I understand your attack in (b): the message is encrypted to the participants, the server cannot relay or MITM it.
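
The five steps from the first post, and the reusable-code variant from the reply ("remove this line"), as an added example that is not part of the thread. It models only the bookkeeping of invite codes held by each member; the names `Group`, `create_invite`, `join` and `single_use` are hypothetical, and encryption and message transport are assumed to exist and are left out.

```python
import uuid

class Group:
    """Toy model: every member keeps their own copy of the outstanding invite codes."""

    def __init__(self, founder, single_use=True):
        self.single_use = single_use      # False = reply variant: codes are not deleted
        self.codes = {founder: set()}     # member name -> codes that member knows

    def create_invite(self, creator):
        if creator not in self.codes:
            raise PermissionError("only members can create joining links")
        code = str(uuid.uuid4())          # step 1: secret random uuid
        for known in self.codes.values():
            known.add(code)               # step 2: shared with the rest of the group
        return code

    def join(self, name, code=None):
        # Step 4: each existing member checks the code against their own copy.
        if code is None or not all(code in known for known in self.codes.values()):
            return False                  # no known code: refused
        if self.single_use:
            for known in self.codes.values():
                known.discard(code)       # step 5: everyone deletes the code
        # Step 3: the newcomer learns the codes that are still outstanding.
        self.codes[name] = set().union(*self.codes.values())
        return True

def demo(single_use=True):
    g = Group("carol", single_use=single_use)
    link = g.create_invite("carol")
    other = g.create_invite("carol")
    results = [
        g.join("bob"),                      # group id only, no code
        g.join("bob", str(uuid.uuid4())),   # guessed code
        g.join("alice", link),              # valid joining link
        g.join("bob", link),                # same link presented again
    ]
    return results, g.codes["alice"], link, other

if __name__ == "__main__":
    print(demo(single_use=True)[0])
    print(demo(single_use=False)[0])
```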