maqp 6 hours ago

The thing is, if there are three users that know each other, using one server run by one of the three, then by definition there is one person with access to metadata of the 1:1 conversation between the two other users. If you are the one running the server, then your buddies are taking the risk that you're the creepy buddy.

The proper way to address this is with p2p messaging, like Cwtch, where each user is running a server for their own account. Cwtch also experimentally supports caching ciphertexts on a server that's hosting the group chats that all members will have access to anyway, so there's no peer metadata to eavesdrop on.

em-bee 5 hours ago

well, that depends on your threat model. for me, an acquaintance finding out who i am talking to isn't a threat. a threat is profiling by big companies. and already by either running my own server or using a smaller paid email service, that threat is drastically reduced.

in fact this particular threat that you describe is more likely to happen at a university server where a rogue admin may use their privilege to snoop on people they want to stalk for whatever reason, as opposed to the friend that i chose because i trust them, like say the admin of the server of the local linux user group or the hackerspace that i am a member of.

in fact i am more likely to trust anyone that i know in person, simply because even if that person decides to snoop on me we can work that out in person, and the likelihood of it happening is low because it would affect our friendship. and i would guess that this is true for most people.

at some point you have to trust someone, and the closer you are to that person, the easier it will be to resolve problems.