Speaking of which: Why not switch LNBits' accounting method to blinded eCash? 😉
legend.lnbits.com for instance is probably one of the bigger custodians out there, but it would also encourage other people to host public instances
Discussion
In ecash, there are no accounting methods :)
You can run a chaumian mint in LNbits with the Cashu plugin!
I know. I'm talking about replacing the entries/invoice data in the LNbit Postgres/SQLite db somehow with blinded entries.
That said, I haven't looked into the Internals of the LNbits backend yet and might be talking out of my depth here. I seem to recall that all invoices are recorded in backend SQL, so the operator can supposedly see the user_id, wallet_id and LN invoice data of all users.
My comment was more meant as a general remark/design question:
"Could LNBits be made such that the above mentioned User data is shielded from the instance operator?"
But when I think about it, all you'd really need is column encryption `pgcrypto` (client needs to provide a decryption key though.. maby a password?) at the database level. not 100% bullet-proof against a malicious server admin, but at least would guard you against database breaches from outside.
And if PG evere adds Transparent Data Encrpytion, than that would be a good option too.