If some random user joins my E2EE groupchat, yes, my expectation is that some unknown actor is now reading my messages... It would be no different than some rando getting added to a Signal group. At least in the groups I'm in, that would cause a flurry of messages asking who they are and who added them.

What if someone already in the group adds a new device? That would hardly cause a flurry or surprise, it’s a common thing to happen. But using Matrix it could also mean whom ever controls the server could be reading all your messages. And the alert has to cover both scenarios. I’m not sure how you could message that in such a way to make it actionable. Especially to non-tech users. Even if they did understand it would require a mini investigation/“flurry” multiple times a month for even a modest sized group. My personal observation is that a group of about 50 have 1 new phone every two weeks, with seasonal increases around Sept/Oct and January 1st.

If verified that device will show up red. And you can enable sending keys only to verified contacts