I don't know which attack the Signal guys had in mind, but usually how this works is that the server serves a file with a unique ID to a person, sees that it gets requested, then serves the same thing again in a subsequent request to a suspect, sees that it's not requested, and treats that as evidence that the two accounts are actually the same person.
It's obviously easier when you can correlate this with a single account, but that's the gist of the attack.
But this will correlate one file to that person and will not be able to correlate multiple file requests that they all belong to the exact same person.