So, its all done by the user client?
Yes. The client uses what's called "remote attestation" to verify its talking to, not just official servers, but official server code published on github. Read more about it here: https://signal.org/blog/building-faster-oram/
To put it simply, they're using the same technology that allows DRM protected videos to play back on your computer/phone/tablet, but against their own servers, to ensure its not a rogue host or code.
Signal still centrally collects metadata
Signal doesn't collect any useful data; they've been compelled by court to present all data they have on users and all they know are two time stamps. The date + time your phone number registered and the last day (not time) one of your apps (linked desktop app or tablet) pinged their server.
Source: https://signal.org/bigbrother/
... and requires a phone number to participate.
Because it originated as an overlay of the SMS/MMS network, a text messaging replacement, before everyone was "always online". But that's beside the point as you can now hide your phone number from others.
If you're serious about privacy, ESPECIALLY if you're part of a group looking to organize in a clandestine fashion, you should look into the vastly superior SimpleX Chat.
I wouldn't recommend SimpleX chat, its developed by a Trump-supporting Antivaxxer who believes in wild conspiracy theories, not the kind of person I would put my trust in. Source: https://social.tchncs.de/@pixelcode/114633102552691724
If you're serious abut privacy, ESPECIALLY if you're part of a group looking to organize in a clandestine fashion, you should fund the development of your own secure channels. Don't outsource the important stuff. For everyone else, there's Signal.
Signal defaults to hiding your phone number since the release of user names: https://signal.org/blog/phone-number-privacy-usernames/
ACKSHUALLY back in their day they just got paid significantly more. Minimum wage hasn't kept up with inflation and median pay hasn't increased with productivity for the last 40 years.
Little known fact, the "J" stands for Jackass
Threats against one person, sure, but don't ignore the context in which this happened. Trump has emboldened racists and encouraged ICE to tear apart families. People who simply want to better their lives. Don't get it twisted, this is state encouraged terrorism. Just because its against a single person doesn't mean they don't intend to terrorize the entire hispanic/latino community.
Your profile, like everything else on Signal, is also end-to-end encrypted. Your name and profile picture do get shared with whoever you chat with, groups or individuals. If you don't want your name and profile picture shared with randos, either don't set them or don't chat with randos.