Description
SecureJoin has two types of tokens: invite tokens and auth tokens. Currently, a SecureJoin invite token can be used to silently probe a device's online status. An auth token, when successfully used, results in a visible "member added" message for groups, but nothing visible is shown when a contact is established a second time.
This is a known problem for messengers, recently described in Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers, but it is not new; see also the "Silent SMS" problem.
For the auth token, we should make sure that every successful use of an auth token results in a visible info message (e.g. "Bob scanned your QR code", "Bob is already part of the group, but scanned your QR code again"). Bob normally should not even send us the AUTH message multiple times (#7335), so receiving multiple AUTH messages is unusual and it should be fine to display a message each time on Alice's side.
For invite tokens I don't have a solution yet, because we don't have a place to display that an invite token was used. Maybe we should expire them or limit the number of times they can be used, and revoke the old token when a new one is created.
The actionable item for this issue is to make sure that each successful processing of an AUTH token results in a visible info message.
There is also a related issue, #7340, that should be closed soon; it makes sense to close that one first before even discussing this one.
See also the Delta Chat forum topic.
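The invariant proposed above, as an added illustration (not Delta Chat's SecureJoin code): a simplified model of Alice's side in which every accepted AUTH message, including a repeated one from a peer who is already verified or already a group member, produces an info message, so a second AUTH cannot double as a silent online probe. The state struct, the token set and the message variants are hypothetical.

```rust
// Hypothetical, simplified model of AUTH handling on Alice's side.
// Not Delta Chat's implementation; it only shows the proposed rule:
// a successful AUTH is never processed silently, even when repeated.
use std::collections::HashSet;

/// Info message made visible to Alice after Bob's AUTH was accepted.
#[derive(Debug, PartialEq)]
pub enum InfoMessage {
    ContactVerified(String),      // "Bob scanned your QR code"
    ContactScannedAgain(String),  // contact established a second time
    MemberAdded(String),          // existing visible "member added"
    MemberScannedAgain(String),   // "already in the group, scanned again"
}

pub struct SecureJoinState {
    auth_tokens: HashSet<String>,       // auth tokens Alice has issued
    verified_contacts: HashSet<String>, // peers verified via 1:1 join
    members: HashSet<String>,           // members of the single modelled group
}

impl SecureJoinState {
    pub fn new(auth_tokens: &[&str]) -> Self {
        SecureJoinState {
            auth_tokens: auth_tokens.iter().map(|t| t.to_string()).collect(),
            verified_contacts: HashSet::new(),
            members: HashSet::new(),
        }
    }

    /// Handle an incoming AUTH message from `sender`.
    /// Returns None only when the token is invalid (no successful join).
    /// Every successful AUTH yields Some(info message), first time or not.
    pub fn process_auth(&mut self, sender: &str, token: &str, for_group: bool) -> Option<InfoMessage> {
        if !self.auth_tokens.contains(token) {
            return None;
        }
        // insert() is true only the first time this peer joins.
        let first_time = if for_group {
            self.members.insert(sender.to_string())
        } else {
            self.verified_contacts.insert(sender.to_string())
        };
        let name = sender.to_string();
        Some(match (for_group, first_time) {
            (true, true) => InfoMessage::MemberAdded(name),
            (true, false) => InfoMessage::MemberScannedAgain(name),
            (false, true) => InfoMessage::ContactVerified(name),
            (false, false) => InfoMessage::ContactScannedAgain(name),
        })
    }
}
```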