Rippling sues Deel over spying
114 comments
·March 17, 2025mattzito
noisy_boy
The honeypot story seems so weird:
> So, to confirm Deel’s involvement, Rippling’s General Counsel sent a legal letter to Deel’s senior leadership identifying a recently established Slack channel called “d-defectors,” in which (the letter implied) Rippling employees were discussing information that Deel would find embarrassing if made public. In reality, the “d-defectors” channel was not used by Rippling employees and contained no discussions at all. ... Yet, just hours after Rippling sent the letter to Deel’s executives and counsel, Deel’s spy searched for and accessed the #d-defectors channel—proving beyond any doubt that Deel’s top leadership, or someone acting on their behalf, had fed the information on the #d-defectors channel to Deel’s spy inside Rippling.
I am sending legal letter to someone warning them that I have dirt on them AND am also mentioning where the dirt is. And that didn't ring any warning bells to Deel's management? Just wow, if true. If they are truly this incompetent, they have no business doing corporate espionage.
pea
This is hilariously similar to the ploy George Smiley gets Ricki Tarr to orchestrate from Paris in Tinker Tailor Soldier Spy
jamestimmins
It's a pretty classic canary trap/barium meal test, no? https://en.wikipedia.org/wiki/Canary_trap#Barium_meal_test
jobs_throwaway
People who resort to corporate espionage do not have the most sound judgement
droopyEyelids
*People who are caught
x0x0
They were already doing stuff that's squarely behavior for which the board will fire you (and plausibly criminal), so prudence already departed.
makestuff
IMO this is going to create a wave of product offerings from security startups that "monitor for corporate espionage" similar to what Meta was doing tracking copy/paste into whats app, but do it across all apps. Like detect for seldom searched keywords, etc.
swyx
or lets calm down, this much espionage doesnt actually happen that much, and when it does, separating out people on need-to-know basis and introducing honeypots have been routine parts of the process for decades and costs nothing, no startup to be built here
"security startups that "monitor for corporate espionage"" imply introducing yet another third party that literally has access to all the things (or logs thereof) thereby introducing a nice fat pwn factor for everyone
makestuff
Oh I agree it is a bad idea, but that doesn't mean it will not happen.
rl1987
This sort of stuff already exists. The term is Data Loss Prevention.
kstrauser
Eh. DLP’s alright when the data is neatly identifiable. Like, a social security number has a well defined format. When you get into the abstract it’s less helpful.
groby_b
"create"?
The keyword you're looking for is "data loss prevention", it's a thriving market.
financetechbro
A flavor of these offerings already exist in the financial compliance world
calmoo
link to complaint: https://rippling2.imgix.net/Complaint.pdf
Really worth the full read.
LoganDark
> Really worth the full read.
Absolutely agree, although it's around an hour's read.
Into the void I say: There's a typo on page 39 (of the PDF; the bottom of the page says 37) line 1. That item should be item 4 since it comes after another item 3.
(page 12 also has "at which the Rippling would be offering those solutions" which should probably be just "Rippling", I suspect it said "the Rippling platform" before being corrected to "Rippling" but forgetting to remove "the")
anf0
Is it known how Rippling obtained information about D.S.' Slack activity? Does Slack provide this information or did Rippling obtain this information by running third party monitoring software on D.S.' machine?
heymijo
The complaint goes into a lot of detail. Start at page 16 and read through at least page 23 if you want to understand what Ripling could discern from the spy's Slack usage.
> In part to ensure that the confidential information in Rippling’s Slack channels is used only for authorized purposes, Rippling employees’ Slack activity is “logged,” meaning every time a user views a document through Slack, accesses a Slack channel, sends a message, or conducts searches on Slack, that activity (and the associated user) is recorded in a log file.
eclipticplane
Slack has a ton of auditing controls built in to the enterprise version: https://api.slack.com/admins/audit-logs-call#channel
EdwardDiego
Don't see anything in there about searches?
r00fus
Enterprise Slack - everything is audited, and searchable with appropriate permissions. Your slacks on company time or with company equipment are not private from said company.
darth_avocado
Enterprise Anything - everything is logged and searchable in any company that has an IT dept.
42lux
Both would be fine? It’s a corp machine. If you find the amount of data disturbing don’t look what MS365/Teams is tracking…
frankfrank13
> I'm sure the CEO will try to have plausible deniability
I'm not so sure, this is very damning
duskwuff
It certainly is damning - but there's no upside to Deel in admitting to their actions, either.
PhillyPhuture
The VCs in DEEL (per Crunchbase):
Y Combinator Andreessen Horowitz SV Angel General Catalyst Spark Capital Soma Capital Coatue Quiet Capital AltaIR Capital Elad Gil Franklin Templeton Alexis Ohanian Four Cities Capital Emerson Collective Justin Mateen Lachy Groom Neo Altimeter Capital Mubadala La Famiglia Nat Friedman Sinai Capital Partners Firebolt Ventures Y Combinator Continuity Fund Daniel Gross BAM Elevate Avichal Garg Incisive Ventures Ryan Petersen Darian Shirazi Counterpart Advisors Worklife Weekend Fund Recursive Ventures William Hockey Green Bay Ventures Esas Ventures Jeffrey Wilke Roosh Ventures Cem Garih Fresh Ventures Dara Khosrowshahi Nick Raushenbush Jeffrey Katzenberg Bouaziz & Partners Alexandre Scialom Ben Lang Vinay Hiremath Rex Salisbury Terrance McArthur Pierre Bi John Zimmer Anthony Schiller Talal Chedid Raed Malek
groby_b
OK, but why is this relevant?
theoryofx
This is the logical conclusion of companies with undifferentiated crapware products that compete using aggressive sales teams.
Sales driven companies are all corrupt and corrupting. This kind of espionage is common, as is outright bribery of buyers.
gkoberger
I can't believe I'm about to defend a HR payroll systems.... but I wouldn't call Rippling or Deel "crapware". We use both; they're boring but necessary products, and they do their job well.
[Edit: Added Deel, since we use both! Also hello to the Rippling salesperson who is reading this and is about to reach out to me to convince us to switch.]
LoganDark
I think it's Deel that they're calling crapware, because they have to resort to such practices as these
gkoberger
We use Deel, too, and it's not "crap" either. It's boring but that's somewhat the point... how "differentiated" can a payroll system get?
(Also, it's hard to call Deel undifferentiated since they were first to market on this product.)
groby_b
If you have a reasonably competent sales team, you don't need "spying", you just ask the customers about their experience with the competitor.
Any reasonably company both shops around and is happy to throw one provider under any number of buses if it gets them a better deal with another provider.
probably_wrong
I have never heard of either company before and I'm starting to wonder whether I'm the odd one out. For those as lost as me, a cursory look tells me that Rippling is a "Workforce management system (HR, IT, Finance)" while Deel is a "Payroll, Compliance and HR Solution".
pkilgore
Be thankful you've never heard of Deel. It's the worst PEO I've ever used, by an extremely wide margin, having used 3 others.
skerit
I use Deel to hire people internationally. It's mostly an EOR company. They promised a lot though, I once thought about moving my entire HR workflow to Deel (even for local employees), but quickly decided against it.
dablweb
Remote.com also compete in this space, and they have a pretty good UI and customer service.
Not cheap, but worth it for sure considering how much time they save you.
xtracto
As someone outside the US who has worked with several of those companies before. The best one for the employees was Globalization Partners. Of course they were the most expensive.
Deel is the opposite: they provide US companies with gray area (or you could even say illegal in some countries) trickstery to reduce cost of employing people.
jacobsenscott
If you've never worked at a company that uses rippling or deel you wouldn't. They are niche HR tools, mostly targeting smaller companies.
jeanlucas
I don't know Rippling, but Deel is widely adopted over here in Brazil for startups hiring international workers.
null
scarface_74
Rippling is a PEO
My company uses it. When you work for a company that uses Rippling, you are “co- employed” by both your company and Rippling. Your company does everything as far as hiring, firing, HR, management, etc.
But as far as taxes, insurance and benefits, you “work for” Rippling. It allows small companies to have the benefits of a larger company. Your company pays the PEO per head. It also serves as an SSO provider. Another startup I worked for in the past used Insperity.
paulgb
They have a PEO option, but FWIW they can also be used as a payroll provider / HR system (benefits access, vacation tracking, etc.) without a PEO.
mdip
The company my employer uses, as far as I can tell, handles all of HR functions -- compliance, training, tax/payroll, benefits and the like.
scarface_74
That’s true. I got a “termination notice” from Rippling at the beginning of the year and had to fill out a W4 directly with my company. We are still using Rippling. But I assume not as a PEO anymore
mdip
Thank you for the explanation. It's been something I've been meaning to research because I'd never encountered this before my current employer and it's become something I will actually ask about in the future.
I prefer smaller employers (500 or less) but this is pretty fantastic. I've worked for a Fortune 500 employer with a solid, expensive-but-generously-subsidized healthcare plan, a tiny employer with expensive coverage that wasn't all that great but I've never been able to select from three different providers with a few options a piece.
It was a "killer feature" for me. My family has low-to-moderate medical needs, I like HSA eligible PPOs if the deductible/cost is right. I was able to find three plans that were taken by my family's specific specialists where I could max out the HSA deduction and pay less than half what I had at the last "typical employer plan" company.
This came too late for the Dental side of things -- I would have saved a couple grand per child on braces by purchasing the "Cadillac Plan" even with the two-year lock-in. The last three employers all had plans that seemingly no dentist on Earth is "in network" for and from insurance brands I've never heard of.
There's other upsides -- working at BigCo, we received various discounts at specific car rental companies/hotel chains that the company negotiated discounted rates in exchange for preference for business travel.
I haven't looked into what my company is doing, fully, yet, but it sounds like we have a subset of some of those features, too. We're around 150-200 people (I think) but this is the most comprehensive and reasonably priced benefits offering I've ever seen.
justinc8687
I personally use Deel so that as a one-person company I can access large group benefits. Using their EOR saves me about $5000/year on health insurance compared to an ACA policy.
sroussey
I have used TriNet for similar purposes in the past.
jddj
Who covers the PI in these cases?
Edit: noticed you said insurances, is PI included?
scarface_74
What’s PI?
null
skizm
The best part about this story is the spy, when asked to hand over his phone, decided to hide in the bathroom and lock himself in before storming out of the building refusing to hand it over.
> On March 12, Rippling sought and obtained an order from Ireland’s High Court to seize the alleged spy’s phone. When served, the purported spy feigned compliance before “hiding in the bathroom and then fleeing the scene,” the complaint says.
jacobsenscott
This is gold, and hilarious. I get why someone would "spy" on rippling for money, but my god, don't use a phone. And why would you even need to be on prem to do this kind of spying? There are so many better ways.
bschmidt67
The first time Deel tried to charge my employee a fee to get paid on time I stopped using Deel.
Didn't like their weird social network either. Dystopian.
barbazoo
> Deel tried to charge my employee a fee to get paid on time
I used to be employed through Deel and that doesn't ring a bell, how did they charge the employee for getting paid on time?
misiti3780
im sorry, they did what ?
numbers
Deel will hold the payment 1-3 days after the company runs payroll: https://help.letsdeel.com/hc/en-gb/articles/4413976907025-Wh...
borski
No, they won’t. They’ll hold the pay stub for 1-3 days. Your payment happens on pay day.
misiti3780
getting downvoted for asking a question ... cool
gukov
Rippling blog post: https://www.rippling.com/blog/lawsuit-alleges-12-billion-uni...
NetOpWibby
Yikes! Good ol’ honeypot, works all the time.
jeffdotdev
We had about 75 people hired through deel at one point. I actually complained to them because they were reaching out to my people inviting them to "Deel Events" and sending them marketing emails.
Deel is just another tech company that thinks they're entitled to data, you're just a user to them. I hope Rippling wins, and that management team gets put in their place.
In the mean time, I'm back to setting up local entities. They took a great idea and ruined trust. When I called them on it they just gave me corporate gaslighting.
pbiggar
We use Plane.com, as they are one of the few companies that support hiring in Palestine. Deel doesn't even list Palestine on their countries page, which tells you a lot about their ethics.
flas9sd
for anyone wanting the Matt Levine delivery on this, it was in his Newsletter yesterday under "Spies in the Sales Slack"
nfriedly
https://www.bloomberg.com/opinion/articles/2025-03-17/spies-...
Or, if that one hits you with a paywall, https://kill-the-newsletter.com/feeds/q8hb21183k12fmnv/entri... should work for a few days.
jedberg
Interestingly both are YC companies. Maybe YC can sort it out for them!
shadowtree
I love how Cyberpunk is becoming real.
Black ICE, netrunners and rogue AIs will soon be added to the mix.
Off to re-read Neuromancer, so far ahead of its time.
ilrwbwrkhv
If I was young and single I would totally polish my cybersecurity stuff and offer my services to company to hack into other companies.
With vibe coding and all of these things becoming more popular it's a dream career for the next 10 to 20 years for a cyber security dev.
ok_dad
Jesus H. Christ, people are taking the wrong idea from those types of stories! Those are cautionary tales of giving corporations too much power, and letting them take over the government. These stories are meant to show that when a sociopathic entity (a corp), which has one goal of profit above all else, is given power then it will use it without considering the human effects. This type of story isn't even prescient, most of them were written in a way that simply shines a light onto things that today's corps are already doing!
These writers weren't trying to excite you, they were trying to warn you. I'm having existential dread that people want to see cyberpunk-like things come to reality.
Hammerhead12321
Isn’t that a crime..?
ilrwbwrkhv
simple script kiddie attacks that stopped working in the mid 2000's will suddenly work again for awhile until the Gen AI's "learn" how to write secure code. And by "learn" I mean that should probably stop scraping Stackoverflow comments and using it as a source of truth on how something should be done.
ridruejo
As the old saying goes … “The fact that you are paranoid doesn’t mean they are not out there to get you”
If you have a few minutes, reading the full complaint is worth it - the blog posts and the articles don't really do the whole story justice.
There is extremely damning evidence that this unnamed individual ("D.S.") in Ireland was acting at the behest of Deel senior leadership, including:
- the COO of deel reached out to a rippling payroll manager on linkedin to recruit them. The rippling employee didn't respond. Shortly thereafter, D.S. pulled up that employees personnel record in the HR system that has their unlisted phone number. Shortly after THAT, the COO of deel reached back out to that employee via WhatsApp and that phone number.
- The information was about to publish a story about Deel potentially violating sanctions. New information in the article was that at least one of the customers involved was a company called "tinybird". No one at rippling was aware that this company even existed, but a week BEFORE the article came out, but after the reporter had been asking questions of Deel, D.S. started searching Slack for "tinybird" (and there were no other searches of "tinybird" across the whole company)
- Around the same time, the reporter for the information reached out to rippling and had internal Rippling slack messages about potential similar sanctions violations. A short time before that happened, D.S. was suddenly searching for "russia", "sanctions", "iran", etc.
- There was an email between D.S. and the ceo of Deel, along with an introduction to someone from the family VC fund.
- And then, of course, the honeypot - a fake channel, fake chats from the Rippling CRO, but the chats had real stories that former Deel employees had alleged. Email sent to only the CEO of Deel, his dad/chairman of the board, and their GC. Just a short time later, D.S. was searching for the fake channel, trying to find it, adn trying to find these chat messages.
I'm sure the CEO will try to have plausible deniability, that it was someone else in his org that he delegated investigating these things to, he had no idea, etc. But if they can get D.S. to crack and share the details of what happened, I think it will be tough to toe that line.