Rippling sues Deel over spying
53 comments
·March 17, 2025mattzito
makestuff
IMO this is going to create a wave of product offerings from security startups that "monitor for corporate espionage" similar to what Meta was doing tracking copy/paste into whats app, but do it across all apps. Like detect for seldom searched keywords, etc.
calmoo
link to complaint: https://rippling2.imgix.net/Complaint.pdf
Really worth the full read.
LoganDark
> Really worth the full read.
Absolutely agree, although it's around an hour's read.
Into the void I say: There's a typo on page 39 (of the PDF; the bottom of the page says 37) line 1. That item should be item 4 since it comes after another item 3.
(page 12 also has "at which the Rippling would be offering those solutions" which should probably be just "Rippling", I suspect it said "the Rippling platform" before being corrected to "Rippling" but forgetting to remove "the")
anf0
Is it known how Rippling obtained information about D.S.' Slack activity? Does Slack provide this information or did Rippling obtain this information by running third party monitoring software on D.S.' machine?
eclipticplane
Slack has a ton of auditing controls built in to the enterprise version: https://api.slack.com/admins/audit-logs-call#channel
EdwardDiego
Don't see anything in there about searches?
heymijo
The complaint goes into a lot of detail. Start at page 16 and read through at least page 23 if you want to understand what Ripling could discern from the spy's Slack usage.
> In part to ensure that the confidential information in Rippling’s Slack channels is used only for authorized purposes, Rippling employees’ Slack activity is “logged,” meaning every time a user views a document through Slack, accesses a Slack channel, sends a message, or conducts searches on Slack, that activity (and the associated user) is recorded in a log file.
42lux
Both would be fine? It’s a corp machine. If you find the amount of data disturbing don’t look what MS365/Teams is tracking…
frankfrank13
> I'm sure the CEO will try to have plausible deniability
I'm not so sure, this is very damning
duskwuff
It certainly is damning - but there's no upside to Deel in admitting to their actions, either.
probably_wrong
I have never heard of either company before and I'm starting to wonder whether I'm the odd one out. For those as lost as me, a cursory look tells me that Rippling is a "Workforce management system (HR, IT, Finance)" while Deel is a "Payroll, Compliance and HR Solution".
skerit
I use Deel to hire people internationally. It's mostly an EOR company. They promised a lot though, I once thought about moving my entire HR workflow to Deel (even for local employees), but quickly decided against it.
dablweb
Remote.com also compete in this space, and they have a pretty good UI and customer service.
Not cheap, but worth it for sure considering how much time they save you.
null
jeanlucas
I don't know Rippling, but Deel is widely adopted over here in Brazil for startups hiring international workers.
scarface_74
Rippling is a PEO
My company uses it. When you work for a company that uses Rippling, you are “co- employed” by both your company and Rippling. Your company does everything as far as hiring, firing, HR, management, etc.
But as far as taxes, insurance and benefits, you “work for” Rippling. It allows small companies to have the benefits of a larger company. Your company pays the PEO per head. It also serves as an SSO provider. Another startup I worked for in the past used Insperity.
paulgb
They have a PEO option, but FWIW they can also be used as a payroll provider / HR system (benefits access, vacation tracking, etc.) without a PEO.
scarface_74
That’s true. I got a “termination notice” from Rippling at the beginning of the year and had to fill out a W4 directly with my company. We are still using Rippling. But I assume not as a PEO anymore
jddj
Who covers the PI in these cases?
Edit: noticed you said insurances, is PI included?
scarface_74
What’s PI?
2c2c2c
iirc VC shenanigans lead to the ousting of the founder of zenefits, who proceeded to just rebuild the same thing: rippling
lots of drama with this guy!
gukov
Rippling blog post: https://www.rippling.com/blog/lawsuit-alleges-12-billion-uni...
NetOpWibby
Yikes! Good ol’ honeypot, works all the time.
ksynwa
I am curious how they got suspicious of a potential spy in the first place.
ToValueFunfetti
A journalist using private slack messages as a source reached out for comment on the story.
jeffdotdev
We had about 75 people hired through deel at one point. I actually complained to them because they were reaching out to my people inviting them to "Deel Events" and sending them marketing emails.
Deel is just another tech company that thinks they're entitled to data, you're just a user to them. I hope Rippling wins, and that management team gets put in their place.
In the mean time, I'm back to setting up local entities. They took a great idea and ruined trust. When I called them on it they just gave me corporate gaslighting.
pbiggar
We use Plane.com, as they are one of the few companies that support hiring in Palestine. Deel doesn't even list Palestine on their countries page, which tells you a lot about their ethics.
ridruejo
As the old saying goes … “The fact that you are paranoid doesn’t mean they are not out there to get you”
frankfrank13
Honestly insane if this ends up being true. Companies of course do research on their competitors, often leaning on employees who have left, current customers, investors, etc. But how [if true] Deel RECRUITED A SPY is so far beyond what anyone in 2025 should deem normal.
null
frankfrank13
Some banks/hedge funds/PE firms etc have ENTIRE internal groups dedicated to figuring out what their competitors are doing. Thats basic game theory! This is not that, and that anyone at Deel thought they would get away with this (if true) is nuts.
winterbloom
why shouldn't this fall under "all's fair in love and war"
andrelaszlo
Where, then, do you draw the line? I don't get your comment lol. Kidnapping is fair, as long as it's a competitor?
You're probably joking but it's hard to tell with all the "contrarians" and "devil's advocates" out there.
relistan
In many countries, the theft of trade secrets is a serious crime. In the US, for example, it carries a penalty of up to 10 years in prison and a $5M fine. It’s unclear to me why this is a civil suit. It may have to do with the alleged activity taking place overseas.
ksynwa
Because that is not a statute
no_wizard
I don’t feel sorry for corporations being spied on by each other. They do this to their own employees to exert control and the general public to make a buck all the time.
I couldn’t care less about this. Honestly the shit corporations pull on the daily in 2025 shouldn’t be considered normal.
Why should I be worked up about this?
phpnode
@dang is this story getting flagged? It's appeared under various links in the last 24hrs and does not appear to have ever hit the front page despite a bunch of upvotes. This story seems relevant to HN, and given the policy of careful moderation of stories related to YC-companies perhaps it deserves a spot in the another-chance queue?
pbiggar
Dang had previously commented that many negative stories about Israel get flagged. Mostly it's due to their war crimes but you can imagine the same folks might also flag stories critical of Israeli tech companies.
null
pilingual
I still can't understand how YC funds competing companies. Where is the efficiency in that? You have your portfolio companies wasting time with (alleged) spies and lawsuits.
They say they just admit smart people. So 3 friends from MIT get in to YC, and at the first office hours said friends tell the YC partners they are working on a startup that starts startups. Awkward.
Centigonal
Rippling and Deel started by addressing different markets. They converged when they realized that there is a need for comprehensive payroll and people management software that's integrated with services like PEO and international staffing.
delish
As the complaint says on page 4: https://rippling2.imgix.net/Complaint.pdf
Deel was founded in 2019 and, in Rippling's opinion, began competing with Rippling in 2022.
phpnode
It’s rarely a case of winner takes all, and in this specific scenario both companies have grown into billion dollar valuations. Seems like it’s working for them, ignoring all the lawsuits
null
null
pbiggar
[flagged]
americandev
[flagged]
If you have a few minutes, reading the full complaint is worth it - the blog posts and the articles don't really do the whole story justice.
There is extremely damning evidence that this unnamed individual ("D.S.") in Ireland was acting at the behest of Deel senior leadership, including:
- the COO of deel reached out to a rippling payroll manager on linkedin to recruit them. The rippling employee didn't respond. Shortly thereafter, D.S. pulled up that employees personnel record in the HR system that has their unlisted phone number. Shortly after THAT, the COO of deel reached back out to that employee via WhatsApp and that phone number.
- The information was about to publish a story about Deel potentially violating sanctions. New information in the article was that at least one of the customers involved was a company called "tinybird". No one at rippling was aware that this company even existed, but a week BEFORE the article came out, but after the reporter had been asking questions of Deel, D.S. started searching Slack for "tinybird" (and there were no other searches of "tinybird" across the whole company)
- Around the same time, the reporter for the information reached out to rippling and had internal Rippling slack messages about potential similar sanctions violations. A short time before that happened, D.S. was suddenly searching for "russia", "sanctions", "iran", etc.
- There was an email between D.S. and the ceo of Deel, along with an introduction to someone from the family VC fund.
- And then, of course, the honeypot - a fake channel, fake chats from the Rippling CRO, but the chats had real stories that former Deel employees had alleged. Email sent to only the CEO of Deel, his dad/chairman of the board, and their GC. Just a short time later, D.S. was searching for the fake channel, trying to find it, adn trying to find these chat messages.
I'm sure the CEO will try to have plausible deniability, that it was someone else in his org that he delegated investigating these things to, he had no idea, etc. But if they can get D.S. to crack and share the details of what happened, I think it will be tough to toe that line.