There's a "Signal deanonymized" thing going around:
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117
Stay calm. Deep breaths.
while this is a real consideration, the only thing the attacker gets from this is a very rough (kilometers or tens of kilometers radius) location
other communication platforms that use any kind of caching CDN to deliver attachments are just as affected
you almost certainly should continue to use Signal, unless you specifically know that this is a big problem for you.
@rysiek I think there's two points here:
1) If this is a security consideration for you, take note that much more granular location tracking is commonplace in mobile apps and prioritize mitigating that over the much more coarse location you can get by querying CDNs.
2) Using third-party services *always* introduces security considerations. If you're a programmer, think about what this means for your software before you integrate them.