I think Pond had better-thought-out decoy traffic https://github.com/agl/pond with a statistical design and clients would always upload and download the same amount of data (so it was very hard to determine if they "got a message" or just checked and didn't get a message).

You have bots that are ideally not controlled by the system.

But remember that we rely on the lambda scheduler to run it

That does boy have perfect accuracy, so that helps too

Finally, you aren't publishing every 5 minutes, you execute it once a minute, and have 25% chance to publish, so it's going to be mixed