What stops them from being able to? They could actually infer a lot of the metadata just from the encrypted network traffic, without even looking inside the VMs at their execution state. But, they can also see inside, so they can keep the kind of logs (outside the VM) which Signal [says that they] wouldn't.
This is pure speculation
which part?
What stops them from being able to? They could actually infer a lot of the metadata just from the encrypted network traffic, without even looking inside the VMs at their execution state. But, they can also see inside, so they can keep the kind of logs (outside the VM) which Signal [says that they] wouldn't.