
One non-fatal point but something to be aware of with this approach; the list of hidden service addresses isn't itself hidden, and these servers are easy to fingerprint. So it's trivial to discover the list of all Ricochet identities, and also know when they are online (so over time perhaps who is talking to who).

Also, Tor hidden services are not necessarily designed for the case of a single address coming online and offline repeatedly. I don't think there are specific known exploits for that case other than the timing issues, but the other thing that comes to mind is cycling through too many guard nodes over time.




This is a good point. The metadata about time online might well be enough to pinpoint who is talking to who, over a long enough time. One option to avoid this is to get rid of status indicators, though that is inelegant and means the message would have to sit on the server at least until it expired. I'm not too concerned with the messages sitting on the server, because if the message passes through the server, then they could be storing it either way, and I'm already trusting that they will do that responsibly. Well, at the very least, trusting them to do that responsibly as long as there is no algorithm for faster large prime factorization, and the message is unreadable to them anyway. Expiration timers could be deliberately very short, which would reduce server load. I would personally allow the expiration timer to be user-set, because I believe the average security-conscious person is going to want the timer to be short, unless there is a reason for the message to hang around.

Of course, this doesn't completely address the issue. It would still be theoretically possible to check for connections to the server, and determine online/offline status just from whether the messages are going out immediately after being sent in. Even generating fake data might not be enough to completely reduce that theoretically possible to the realm of technically impossible. It's still a risk to keep in mind. You can also never truly rule out that the service itself is compromised by an entity who wants your (meta or otherwise) data. You're safest disposing of your identity regularly, to disconnect previous conversations from new ones, if you're concerned about metadata analysis, which is considerably less elegant of a solution.

Of course, if your identity is anonymous, you don't truly have to worry about the metadata analysis, unless the person on the other end is compromised by a malicious agent, and knows details about you that could deanonymize you...



