I think it's "not custodial" in the sense that the Hermes server cannot use the funds, since the ecash is locked to the receiver's pubkey. But since the Hermes server can always stealthily steal from you by responding to requests with their own invoices, I'm not sure I see much of an advantage here. You need to trust the Hermes server anyway.
the Hermes server cannot use the funds, since the ecash is locked to the receiver's pubkey
They can use the funds, because even though the ecash is locked to the receiver's pubkey, the bitcoins are not. The ecash is a liability, a credit, backed by an asset, btc. Hermes can run off with the asset (btc) and refuse to honor the liability (ecash).
reply
They can use the funds, because even though the ecash is locked to the receiver's pubkey, the bitcoins are not. The ecash is a liability, a credit, backed by an asset, btc. Hermes can run off with the asset (btc) and refuse to honor the liability (ecash).
I'm assuming Hermes isn't part of the Federation, just a service provider operating in the mint.
The mint will only create the ecash after the sats are in its control. So either Hermes steals the funds upfront (no ecash minted, nobody knows they stole unless the sender talks to the recipient), or they'd need to collude with the Federation.
reply
Oh I see what you mean now. I think you are saying Hermes is non-custodial because they don't have your btc, fedimint does. Is that right?
If so, that doesn't make it non-custodial. Imagine if instead of using fedimint Hermes showed you a "deposit address" to coinbase. And then they said "You see, we are non-custodial because we don't have your btc, coinbase does."
If you tell users "non-custodial" when it's really all a frontend for a custodian's api, you're lying. Tell users the truth so that they are informed. They may be willing to trust that person or group with their money, but the wallet should definitely not lie about the trust model by calling itself non-custodial.