RE: https://chaos.social/@delta/115842446685941927

Encrypted content / headers / transport / etc. are great harm reduction, but by no means is it metadata avoidance (in the strict academic sense of what those words mean when applied to communications systems).

Third party actors (e.g. relay servers / network actors) can build correlative models using the *metadata* inherent in the communication protocol (source, destination, timing, frequency).

We have decades of research demonstrating the power of such models - let's not minimize them.

Resisting such correlative models is very much still an active research area that spans anonymous communication networks / mixnets / application security and many other subfields.

It's something I've been working on for over a decade, and while I am very proud of the work we've done on @cwtch there is still a long way to go (if you want to dig into what we consider the security model here you can check out our security handbook https://docs.cwtch.im/security/risk)


Right now I believe that tor v3 onion services are the closest we have to practical approaches to minimize metadata (far from perfect, and the price point for defeating it gets lower)

There has also been a lot of really cool research in the last few years specifically on new cryptographic protocols in aid of solving this problem in a way that is different from the "we need a verifiable mixnet / PIR" approach; see keywords: fuzzy message detection / oblivious message detection / OMR

My personal long term take here is that a good solution for this problem might look something like Niwl ( https://git.openprivacy.ca/openprivacy/niwl ) which is a prototype I built some years ago based on playing with FMD/FuzzyTags

i.e. how can we approximate a mixnet/PIR system with untrusted actors in a way that minimizes communication bandwidth?

niwl: a prototype system for open, decentralized, metadata resistant communication using fuzzytags and random ejection mixers (Open Privacy Gitea)
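As an added illustration of the fuzzy message detection idea referred to above (this is example code written for this page, not code from Niwl, the fuzzytags library, or the thread's author): a toy Python implementation of the FMD2 construction from Beck, Len, Miers and Green's "Fuzzy Message Detection" (2021). The parameter names (u, y, c, gamma, the hashes H and G) follow the paper; the deliberately tiny Schnorr group (p = 1019) and the SHA-256-based hashes are this example's own assumptions, chosen so the arithmetic stays readable. What it shows is the property the thread is pointing at: an untrusted server holding a detection key of n scalars accepts every flag really addressed to the recipient, plus a 2^-n fraction of everyone else's, so the recipient tunes how much cover traffic it downloads against how much the server learns.

```python
"""Toy fuzzy message detection (FMD2 from Beck, Len, Miers and Green, 2021).

Example code for illustration only: not Niwl's or the fuzzytags library's
implementation.  The 10-bit group below is an assumption made for readability;
a real deployment uses a prime-order curve group such as ristretto255.
"""
import hashlib
import secrets

# Toy Schnorr group (assumption): p = 2q + 1 with p = 1019 and q = 509, both
# prime.  g = 4 is a quadratic residue mod p, so it generates the order-q subgroup.
P, Q, G = 1019, 509, 4
GAMMA = 8  # bits in a full flag ciphertext; finest precision is 2^-GAMMA


def _h(*parts: int) -> int:
    """H in the paper: hash group elements to a single bit."""
    data = b"".join(x.to_bytes(2, "big") for x in parts)
    return hashlib.sha256(b"H" + data).digest()[0] & 1


def _g(u: int, bits: list) -> int:
    """G in the paper: hash u and the ciphertext bits to a scalar mod q."""
    data = u.to_bytes(2, "big") + bytes(bits)
    return int.from_bytes(hashlib.sha256(b"G" + data).digest(), "big") % Q


def keygen():
    """Recipient keys: GAMMA secret scalars and their public group elements."""
    sk = [secrets.randbelow(Q - 1) + 1 for _ in range(GAMMA)]
    pk = [pow(G, x, P) for x in sk]
    return sk, pk


def flag(pk):
    """Sender side: build a flag ciphertext addressed to recipient pk."""
    r = secrets.randbelow(Q - 1) + 1
    z = secrets.randbelow(Q - 1) + 1
    u = pow(G, r, P)
    w = pow(G, z, P)
    # Each bit encrypts the constant 1 under a Diffie-Hellman derived pad.
    c = [_h(u, pow(h_i, r, P), w) ^ 1 for h_i in pk]
    m = _g(u, c)
    # y lets anyone recompute w = g^m * u^y from the flag alone (Schnorr-style).
    y = (z - m) * pow(r, -1, Q) % Q
    return u, y, c


def extract(sk, n: int):
    """Detection key with false-positive rate 2^-n: the first n secret scalars."""
    assert 0 <= n <= GAMMA
    return sk[:n]


def detect(dsk, flag_ct) -> bool:
    """Server side: True if the flag is (possibly) for the holder of dsk."""
    u, y, c = flag_ct
    m = _g(u, c)
    w = pow(G, m, P) * pow(u, y, P) % P  # equals g^z for an honest flag
    for x_i, c_i in zip(dsk, c):
        # u^x_i = h_i^r, so an honest flag decrypts every checked bit to 1.
        if _h(u, pow(u, x_i, P), w) ^ c_i != 1:
            return False
    return True


def roundtrip(n: int) -> bool:
    """Fresh keys, one honest flag, checked at precision n (always True)."""
    sk, pk = keygen()
    return detect(extract(sk, n), flag(pk))


def false_positive_rate(n: int, trials: int = 2000) -> float:
    """Empirical fraction of flags for *other* recipients that a key of
    precision n accepts; should sit near 2^-n."""
    sk, _ = keygen()
    dsk = extract(sk, n)
    hits = 0
    for _ in range(trials):
        _, other_pk = keygen()  # a different recipient each time
        hits += detect(dsk, flag(other_pk))
    return hits / trials


if __name__ == "__main__":
    for n in (0, 2, 4, 8):
        print(f"precision {n}: honest flag accepted={roundtrip(n)}, "
              f"false positive rate~={false_positive_rate(n):.3f} (ideal {2**-n:.3f})")
```

The server only ever sees (u, y, c) and the detection key; what it learns per recipient is bounded by the precision the recipient chose, which is the knob Niwl's "how much bandwidth versus how much leakage" question is about.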

As that work says, and what I am slowly convincing myself should be emblazoned across every project that even remotely attempts to make progress on communications privacy: hic sunt dracones

(But that isn't good marketing, so...)

And since it's come up:

If you are willing to trust a routing intermediary (and anyone who may force that intermediary to act e.g. a government) - then you don't have to worry about such attacks.

But in that case, just use Signal - it has a lot of other nice cryptographic properties that apply in that model.

(Signal also makes various claims about metadata, I disagree with many of those claims, some I find outright ethically dubious as a privacy researcher - but you should just use Signal)

(For those who care: Signal used to place a heavier emphasis on trusted execution environments as a mechanism for protecting metadata, despite TEEs having been incredibly broken in most realistic threat setups forever; in recent years Signal switched to a "we don't collect anything" messaging which is fine for what Signal is, but I do wish they would be more honest about what they *could* be compelled to collect in theory (which in reality is: a lot of metadata).)

The caveat to all the above being that I haven't deeply looked into Signal for a few years, since I reported a UI redressing security issue to them and they fixed it without acknowledging the fix in the release notes, and personally I find that a little not great ethics-wise.

To close: I only want to bother with critiques for projects I actually think have the capacity to do better and make the world a better place.

The problems in this space are so large and multifaceted that we need people going out and exploring different approaches.

But when it comes to privacy tooling, being honest and upfront with people about the nuance matters - and my goal with the above thread is to bring some of that nuance.