I generally stay away from companies that advertise their jobs using titles like "JavaScript Junkie," "CSS Craftsman," "UI/UX Ubermensch," "Crypto Crack," and "DevOps Demigod."
If they use that language for their job listings, I'd assume their company culture has a similar "bro" feel to it. It works both ways: you can take it as a warning that you won't like it, and only "bro" people will apply :-)
Edit: Just to be clear, I also agree it's a bit over the top.
Starkit pricing will be released on 1st of November or earlier. Starkit is a downloadable ISO that you install on any machine. Just to get an idea, pricing for home users and small businesses starts from 299 euro for a perpetual license.
If a user wants to have privacy owning his own mail and cloud storage system then the only single plug-n-play solution available worldwide now is Starkit.
Alternatively a user will have to use various open source or commercial software packages (i.e. operating system, mail server, anti-spam, anti-virus, cloud storage, archiving, encryption) and try to make them work together. It is obvious that an alternative approach needs highly skilled technicians, lots of time, requires high maintenance (time and money) and the results are uncertain.
Not only this, a custom-made solution will still be missing some features found only on Starkit, such as the unique ultrafast webmail interface designed for productivity, remote appliance unlocking, unified user management and automatic upgrades.
I'm a little disturbed by the thing about inbound e-mails being encrypted. That's a "won't read your mail" not a "can't read your mail" solution. If I'm counting on you to encrypt it before it reaches me, I'm basically counting on you not to read it anyway, so it's just an inconvenience to me to have to decrypt the PGP key. Such worthless solutions shouldn't be offered.
It might be misadvertised, but there is value in encrypting data at rest even if it's not encrypted in transit. The main benefit, of course, is forward secrecy.
If the government would like to read ed's email and he's using this technology, they can tap the wire or demand the mail host save an unencrypted copy. However, the government cannot read ed's past emails because they're encrypted.
Without this, anyone who compromises the server or takes out a warrant can get all past and future emails, not only all future emails.
If you want a better solution, simply have everyone who emails you gpg encrypt their messages. If your contacts aren't encrypting your messages there's little an email provider can do other than receive plaintext messages and, in rare cases like this one, encrypt them at rest.
Encrypting e-mails at rest on the server should be done anyway and is nothing to brag about. Obviously there's nothing the e-mail provider can do about e-mail that's not sent end-to-end encrypted - that's just a fact and implying that they can make things somehow safer by automatically encrypting your e-mails as they come in is hiding this fact. That is in fact exactly what's concerning me - whether they are deluding themselves or others into thinking that this is providing any significant security, they're essentially inducing people to use insecure practices.
My guess is that while there are some aspects of forward secrecy to the fact that you're using your GPG key to decrypt the e-mails client-side (which is significantly better than ProtonMail's approach, which is basically full-on snake oil), given the fact that a huge proportion of your non-PGP-using counterparties are going to be using Yahoo Mail, Hotmail and GMail anyway, anyone with a warrant will just get the full, unencrypted text of all your communications from them anyway.
Also, if somebody manages to get access to your email client, they can't just issue email-based password resets to get access to all of your other accounts, because they won't be able to read the confirmation emails without your PGP key.
I'm not really sure what attack you are envisioning here. If they have access to your e-mail client, they should be able to just lift your account credentials, allowing them to add a new PGP key to the key ring, then issue all the password resets and, if you want, change the PGP key back.
Really?