What's a time-collision attack?
Since anyone can see the time a Nostr event was created, they can use the created_at field to find the two users (or all of the users in a group) that are messaging each other at any second. Do this over time and you can see which keys talks to which other keys. Without randomizing time, anyone would have been able to rebuild the same metadata leaks as nip04.