Bitmask doesn't want to provide a proper VPN service, for the moment there is a demo service to try it. But the idea is to provide all the software easy to set up for providers, and the providers will charge you for it to sustain themselves. The nice thing of this model is that the provider only provides the service but your client comes from an independent organization, your provider can not put back doors on it.
The trust is a hard problem, we are moving the trust from the ISP to your provider (https://leap.se/en/doc/platform). Your ISP is something that you can not choose much, but on the provider you can choose or set up your own (https://leap.se/en/doc/platform).
OpenVPN is hard to use by non-hackers and complicated to configure well, too easy to have DNS or IPv6 leaks. Bitmask makes all that easy.
Do you prevent "IPv6 leaks" by running IPv6 through the tunnel, or by turning off IPv6?
And, more interestingly, are these answers consistent?
The demo providers currently offer only VPN, but encrypted email is planned to be released soon.
Bitmessage (https://bitmessage.org) might prove to be a viable solution to the metadata problem.