Overview

Production Readiness Create Standard Operating Procedure (SOP)for admins to detail a clear process for staging, testing, releasing, and updating production environments.Improve monitoring and alerts

Circumvention Tech: Our Hopping PT will integrated into the platform and provided by private providers. Monitoring, evaluation, and improvoments to deployed CTs will continue.

Desktop client Work: Release Bitmask Multi-Provider client with a production ready autoupdater and beta support for using an invite code during the onboarding process to connect to private providers. (and will also include support for QUIC)

Android Work: Focus will be bug fixing and addressing raised issues of the security audit. In order to ensure stable APIv5 handling we will add unit tests. For geolocation we will implement the missing client interation to determine the clients IP and country code.

Platform Work: The primary focus will be deployment readiness and the implementation of the Hopping PT. Readiness will include implementing readiness test, fixing Integration tests on lilypad, menshen, obfsvpn and deploying, testing and standardising the gateway selection code.

Tunnel-telemetry Improvements Create ability to submit metric to ooni

Public Faces We will create blog posts, semi-public reports, launch bitmask.net and update app stores.

CIRCUMVENTION TECH

Development

• integrate hopping-pt into lilypad leap/container-platform/lilypad#121
• Provide Quic to users

Complete all CTs

• KCP: obfsvpn#60
• Port Hopping: obfsvpn#61
• obfs4 via QUIC: obfsvpn#62
• Stretch: Webtunnel HTTPT: obfsvpn#63

Documentation

• update docs.leap.se for hopping obfsvpn#74
• update docs.leap.se for quic (how to run each bridge) obfsvpn#73

INVITE SYSTEM

The Invite system using APIv5, The Introdcuer, and bucket system is working.

• Android: APIv5 unit testing bitmask_android#9184
• Desktop: APIv5 cert parsing needs to be updated: bitmask-vpn#916
• Desktop: APIv5 obsfucation support
• Add documentation for invite system orchestration (4hrs) FIX

DESKTOP MULTI-PROVIDER

• Multi provider bitmask desktop client bitmask-vpn#790
• UX provider selection and first run bitmask-vpn#841

LOAD BALANCING & OPTIMIZATION

Working to ease congestion of gateways is taking the following form:

GEO-LOCATION

Sending the country code in apiv5 (bitmask-core) allows us to better distribute the load of the gateways. Currently the country code is fetched, but not yet used, as the backend part was missing in the past.

• GeoIP : menshen#39 (3days)

MENSHEN AGENT REPORTS CPU LOAD

We will replace menshen_agent (https://0xacab.org/leap/menshen_agent) with menshen-agent (https://0xacab.org/leap/menshen-agent), remove menshen_agent from openvpn container and control plane from obfspvn container.

• Unify menshen_agent for bridges and gateways menshen-agent#2 (ongoing, see menshen-agent!1 (merged))
• Update readme: menshen-agent#1 (4hrs)

OPENVPN OPTIMIZATION

• review/enable BBR congestion optionally in some of the nodes, to compare performance leap/container-platform/lilypad#107

GENERAL IMPROVEMENTS

DESKTOP

• UX Side drawer page update as per new figma design (new icons) bitmask-vpn#919
• UX App main page top bar update bitmask-vpn#918

ANDROID BUG FIXES

• Bitmask VPN sometimes prevents accessing LAN hosts bitmask_android#9132
• Leak canary improvements bitmask_android#9164
• Block non-VPN incoming traffic in lockdown mode bitmask_android#9120
• improve error handling for invalid invite tokens bitmask_android#9219 (closed)
• Remove camera permission for custom branded versions bitmask_android#9229 (closed)
• Address SRLabs findings https://0xacab.org/groups/leap/-/milestones/35
• API v5 Unit tests bitmask_android#9184

PUBLIC FACE IMPROVEMENTS

• Publish blog post about KCP et al site#5 (3h)
• Update play and fdroid bitmask_android#9190 (3h
• Update Architectural Design and Evolution Doc: dev-documentation#12 (2hrs)
• new about text for bitmask apps bitmask_android#9207
• launch bitmask
• l10n Play store listing bitmask_android#9137

TUNNEL-TELEMETRY IMPROVEMENTS

• Overview issue - tunnel-telemetry#6
• create ability to submit field testing measurements to OONI collector: solitech/monitoring!6
• Related? >>maybe this: bitmask-vpn#908