Does a tool like metamask, which connects your browser to a public ethereum node to simplify running DApps, put the basic idea of decentralization and trustless blockchain verification in danger?
Is a decentralized app running through metamask still to be considered decentalized?
How is the ethereum node chosen, which hosts the nodes and how can a user trust it?
Best Answer
With tools like Metamask and other "lightwallet"-based infrastructure (wallets-in-the-browser), you are simply trusting that the browser environment keeps the keys safe.
In terms of writing information:
The centralized component in this architecture is that the remote RPC node that Metamask points to, accepts the raw signed transactions to inject into the network. Afaik, Metamask will also you to choose your own local RPC node if you don't trust the remote one. Just to clarify, the remote node won't be involved in any signing activity, it simply propagates an already signed transaction. So, the centralization concerns are very small in this regard.
In terms of reading information:
One has to trust the remote node won't send back false information about the state of the network. However, as mentioned above. If you feel that is an issue you will be able to replace it with your own node as well (to read from).