Yes, this means the server and a deleted user could collude to re-add them, or anybody of the deleted user's choosing to the group, or to remove selected people from the group (the server doesn't need collusion to remove random people from a group)
No, the members of the group would be able to see that the deleted user is back, or whatever else has happened to the list. Signal's server isn't responsible for deciding who gets the group messages, only for storing the agreed list in encrypted form. So members don't need to trust that the server did as it was told.
Certainly if you have a group where you suspect a member of colluding with the Signal server to betray the group you should probably NOT remove that member but instead take the extra trouble to explicitly form a new group (without that member obviously).
Got it. I was thinking that for bigger groups, it might be hard for members to keep track of who got deleted when and by whom, so it might be easier for a deleted user to slip back in without attracting notice.
Your point that the deleted user and the server can collude to add a rando to the group seems like a bigger deal, since it would be harder to catch.
To make the same point more critically, if the members need to constantly recheck the mapping of group name to membership list (to stop server cheating), then the scheme might not be buying much.
No, the members of the group would be able to see that the deleted user is back, or whatever else has happened to the list. Signal's server isn't responsible for deciding who gets the group messages, only for storing the agreed list in encrypted form. So members don't need to trust that the server did as it was told.
Certainly if you have a group where you suspect a member of colluding with the Signal server to betray the group you should probably NOT remove that member but instead take the extra trouble to explicitly form a new group (without that member obviously).