Hacker News

Arathorn, today at 9:57 AM (1 reply)

Room membership is still determined by the server rather than the client - but we now warn the user and freeze the room if devices which are not signed by their owner are present in the room.

Constraining the user membership to be controlled by the client is Hard in a fully decentralised world, but we're working on it: one option is MSC4256 (which pushes the whole problem to MLS); another option is to run Matrix's state resolution algorithm on the client (making the client implementation even more complex) to ensure that the client agrees with the server on the correct user membership.


Replies

btdmaster, today at 11:21 AM

Thanks a lot for chiming in! That's nice to hear it's better and improving.

View from 1000 feet: maybe a way to lock a room's users would be interesting? So that new users in, say, a DM room do not get decryption keys for messages from the client. Something like a weaker form of "only send messages to verified users", where you could have a DM room with (at most) 2 people.

Or, instead, maybe an option to disable forwarding session keys older than the user's room join event, to keep forward secrecy so that a new user does not get to read old messages (or does this already happen every 100 messages?).
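The two comments above describe client-side policies: freezing a room when a member has a device its owner has not cross-signed, and (as btdmaster proposes) only sharing Megolm session keys with verified devices whose user joined before the session was created, optionally capping a DM room at two members. The following is an added illustration of those policies as plain decision logic; it is not Matrix, Element or either commenter's code, and the `Device`, `Member` and `Session` types, the `signed_by_owner` flag and the timestamps are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Hypothetical, simplified view of the data a client already has after
# fetching /keys/query and the room's member events (assumption).


@dataclass(frozen=True)
class Device:
    user_id: str
    device_id: str
    signed_by_owner: bool  # True if the owner's self-signing key signed this device


@dataclass(frozen=True)
class Member:
    user_id: str
    join_ts: int  # origin_server_ts of the member's join event, in ms


@dataclass(frozen=True)
class Session:
    session_id: str
    created_ts: int  # when the client created this outbound session, in ms


def unsigned_devices(devices: Iterable[Device]) -> list[Device]:
    """Devices present in the room that their owner has not cross-signed."""
    return [d for d in devices if not d.signed_by_owner]


def should_freeze_room(devices: Iterable[Device]) -> bool:
    """Freeze (stop sending) as soon as any unsigned device is in the room."""
    return bool(unsigned_devices(devices))


def key_share_targets(
    members: Iterable[Member],
    devices: Iterable[Device],
    session: Session,
    max_members: Optional[int] = None,
) -> list[str]:
    """Device ids that may receive this session's key.

    Rules: refuse everything if the room exceeds max_members (a locked DM);
    skip devices of non-members; skip devices the owner has not signed; skip
    members who joined after the session was created, so late joiners cannot
    read history encrypted under it.
    """
    members = list(members)
    if max_members is not None and len(members) > max_members:
        return []
    join_by_user = {m.user_id: m.join_ts for m in members}
    targets = []
    for d in devices:
        if d.user_id not in join_by_user:
            continue
        if not d.signed_by_owner:
            continue
        if session.created_ts < join_by_user[d.user_id]:
            continue  # user joined after the session existed: no key for them
        targets.append(d.device_id)
    return targets


# Constructed sample room: three members, one of bob's devices unsigned,
# mallory joined after the outbound session was created.
SAMPLE_MEMBERS = [Member("@alice:x", 1000), Member("@bob:x", 2000), Member("@mallory:x", 5000)]
SAMPLE_DEVICES = [
    Device("@alice:x", "A1", True),
    Device("@bob:x", "B1", True),
    Device("@bob:x", "B2", False),
    Device("@mallory:x", "M1", True),
]
SAMPLE_SESSION = Session("sess-1", 3000)


def demo() -> dict:
    return {
        "freeze": should_freeze_room(SAMPLE_DEVICES),
        "targets": key_share_targets(SAMPLE_MEMBERS, SAMPLE_DEVICES, SAMPLE_SESSION),
        "locked_dm": key_share_targets(SAMPLE_MEMBERS, SAMPLE_DEVICES, SAMPLE_SESSION, max_members=2),
    }


if __name__ == "__main__":
    print(demo())
```

With the constructed sample the room is flagged for freezing because of `B2`, the session key would go only to `A1` and `B1`, and a two-person cap yields no recipients at all because a third member is present. A real client would still have to reconcile this view of membership with the server's, which is exactly the state-resolution problem the parent comment raises.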
