List of phone numbers? Pairs of communication partners? Timing and size of messages? Metadata about transferred media? There is still a lot, sufficient for targeting a drone strike as the usual wisdom goes.
Signal doesn’t store lists of phone governments have lists of phone numbers. Comunication partners are hidden from the server using Sealed Sender for many conversations.
The rest of this could possibly be obtained, it it wouldn’t require a patch to the server as message sizes and timestamps likely appear on disk somewhere. Though the data is encrypted, you could tell “x received a message from some party (sealed sender prevents knowing who) at y time of roughly z size”.
Signal still uses and verifies phone numbers, so at some point they will pass through their infrastructure. They could still save them, knowing the source code they use gives at least at hint that they don't.
Sealed sender also is based on the pinky-swear that the infrastructure distributing the sender auth certificates doesn't correlate identities and connections with the messaging infrastructure. And that the server receiving the enveloped messages doesn't log. So all based on trust based on believing the right source code is running somewhere.
When access to that source code is restricted suddenly, of course people are worried.
Signal claims to specially protect some of that data, such claims need verification. Storing or not storing that data needs verification, without the trust that they do what they say they are no better than their competition. Trust is earned e.g. by openness about the source code. And that a server backdoor isn't strictly necessary is also beside the point because the server is the easiest and most obvious way to get at all that data.
Also, there is competition like Briar which has less of those pesky metadata problems (but some other problems instead)
I don't recall Signal ever having made implausible claims about traffic analytic attacks. I also don't buy into the idea that platforms are as trustworthy as their source release policies are orthodox.
The goalposts now seem to be at "someone might subpoena Signal's logs for some metadata", having moved pretty far from the original claim of "Signal's server code hasn't been updated because it has been secretly backdoored or intentionally weakened." It's difficult to see this as good faith security analysis rather than fearmongering.
What difference does this make? In your threat model the only serious countermeasure between you and state-level adversaries is a Logstash implementation?
Being able to hide from a government that wants to drone you while still being in the cellphone network requires much much much more OPSEC than just using Signal. For an average user Signal is about protecting the content of your messages, not your network, and it's good at that.
The rest of this could possibly be obtained, it it wouldn’t require a patch to the server as message sizes and timestamps likely appear on disk somewhere. Though the data is encrypted, you could tell “x received a message from some party (sealed sender prevents knowing who) at y time of roughly z size”.