Comment by kuschku

We assume they don't log this data.

We don't know whether an intelligence agency is listening in on their servers and logging this data.

Assuming an eavesdropper that can defeat TLS or is listening via DMA attacks on the signal servers,

- you can log initial signup or login, which allows you to connect user id and phone number

- you can log the first time a chat is created, which allows you to build a social graph of which person is connected to which other people

- even with sealed sender, you still know the identity of the receiver and the IP address of the sender, which is often enough to figure out who is in contact with whom

This would be enough dragnet surveillance to automatically figure out the contacts of people you've already identified as threats. You'd also have enough evidence to get a sealed court order to do targeted surveillance on these people.