If you are still worried about this, my read of it is that these things might make the attack more difficult:

👉 turn off automatic downloading of media files

This makes this attack rely on you clicking the image to download it, making it very difficult for the attacker to know when to check for the cached status of the resource.

This is important, because for each attachment the attacker can only ask this question once per the period Cloudflare caches these resources (not sure exactly).

You can also:

👉 turn of push notifications – this makes the attack rely on you clicking the chat to download the image

👉 turn off read notifications – again, this makes it more difficult for the attacker to know when to ask the question they can only ask once per a specific period of time

👉 use Signal over Tor or a VPN to obscure your actual location – the attacker would get the rough location of the exit node

Technical details tl;dr:

- Signal (and other communication platforms) uses Cloudflare with caching enabled for media

- one can check on which Cloudflare endpoints a given attachment URL got cached (one can use a VPN for this), giving them the ability to roughly geolocate users whose Signal downloaded the file

- a patched version of Signal (or whatever app) allows the attacker to send the message with an image, and extract the attachment URL to know what URL to check for having been cached

- images usually get downloaded automatically (and thus get cached on Cloudflare side)

- push notifications make this a 0-click thing, as the targeted user doesn't even have to click on a conversation to have the image downloaded

I believe this technique would work against any communication app that uses any global CDN that does endpoint caching and provides the caching status in HTTP headers of the response.