If you have a few minutes, reading the full complaint is worth it - the blog posts and the articles don't really do the whole story justice.
There is extremely damning evidence that this unnamed individual ("D.S.") in Ireland was acting at the behest of Deel senior leadership, including:
- the COO of deel reached out to a rippling payroll manager on linkedin to recruit them. The rippling employee didn't respond. Shortly thereafter, D.S. pulled up that employees personnel record in the HR system that has their unlisted phone number. Shortly after THAT, the COO of deel reached back out to that employee via WhatsApp and that phone number.
- The information was about to publish a story about Deel potentially violating sanctions. New information in the article was that at least one of the customers involved was a company called "tinybird". No one at rippling was aware that this company even existed, but a week BEFORE the article came out, but after the reporter had been asking questions of Deel, D.S. started searching Slack for "tinybird" (and there were no other searches of "tinybird" across the whole company)
- Around the same time, the reporter for the information reached out to rippling and had internal Rippling slack messages about potential similar sanctions violations. A short time before that happened, D.S. was suddenly searching for "russia", "sanctions", "iran", etc.
- There was an email between D.S. and the ceo of Deel, along with an introduction to someone from the family VC fund.
- And then, of course, the honeypot - a fake channel, fake chats from the Rippling CRO, but the chats had real stories that former Deel employees had alleged. Email sent to only the CEO of Deel, his dad/chairman of the board, and their GC. Just a short time later, D.S. was searching for the fake channel, trying to find it, adn trying to find these chat messages.
I'm sure the CEO will try to have plausible deniability, that it was someone else in his org that he delegated investigating these things to, he had no idea, etc. But if they can get D.S. to crack and share the details of what happened, I think it will be tough to toe that line.
noisy_boy 101 days ago [-]
The honeypot story seems so weird:
> So, to confirm Deel’s involvement, Rippling’s General Counsel sent a legal letter to Deel’s senior leadership identifying a recently established Slack channel called “d-defectors,” in which (the letter implied) Rippling employees were discussing information that Deel would find embarrassing if made public. In reality, the “d-defectors” channel was not used by Rippling employees and contained no discussions at all. ... Yet, just hours after Rippling sent the letter to Deel’s executives and counsel, Deel’s spy searched for and accessed the #d-defectors channel—proving beyond any doubt that Deel’s top leadership, or someone acting on their behalf, had fed the information on the #d-defectors channel to Deel’s spy inside Rippling.
I am sending legal letter to someone warning them that I have dirt on them AND am also mentioning where the dirt is. And that didn't ring any warning bells to Deel's management? Just wow, if true. If they are truly this incompetent, they have no business doing corporate espionage.
pea 101 days ago [-]
This is hilariously similar to the ploy George Smiley gets Ricki Tarr to orchestrate from Paris in Tinker Tailor Soldier Spy
They were already doing stuff that's squarely behavior for which the board will fire you (and plausibly criminal), so prudence already departed.
refurb 100 days ago [-]
I don’t think the letter was “warning they have dirt on them”.
Presumably it was a letter on another topic say an accusation about Rippling poaching Deel’s employees.
Rippling’s legal counsel sends a letter back saying “we aren’t poaching, there are plenty of Deel employees are looking to leave based on posts to Twitter and Slack discussions such as those in the “d-defector” channel.”
noisy_boy 100 days ago [-]
The "d-defactor" channel isn't a world-famous Slack channel - Deel didn't think twice about why this supposedly internal channel name was mentioned in the communication other than being a bait, while many other things were "redacted"?
refurb 99 days ago [-]
The guy was doing a search of slack channel dozen of times per day for months and months.
He was clearly willing to take risks.
jobs_throwaway 101 days ago [-]
People who resort to corporate espionage do not have the most sound judgement
psd1 100 days ago [-]
I think you mean "sound values".
I suspect that criminality is correlated with stupidity, but that doesn't make all criminals stupid.
E.g. scammers based in non-extradition territories may be making a savvy career choice, if we ignore matters of conscience.
I have insufficient information to assess the level of risk, but I believe corporate espionage has been successful in the past (hello cold war, hello China).
These particular people may have dropped a bollock, but that doesn't mean that crime cannot pay.
droopyEyelids 101 days ago [-]
*People who are caught
noisy_boy 100 days ago [-]
I thought being smart was the core competency of being in the spying business :)
someuser2345 100 days ago [-]
If you're smart about spying, you don't get stories published about it.
ivraatiems 100 days ago [-]
It would be more about convincing others you're smart.
makestuff 101 days ago [-]
IMO this is going to create a wave of product offerings from security startups that "monitor for corporate espionage" similar to what Meta was doing tracking copy/paste into whats app, but do it across all apps. Like detect for seldom searched keywords, etc.
swyx 101 days ago [-]
or lets calm down, this much espionage doesnt actually happen that much, and when it does, separating out people on need-to-know basis and introducing honeypots have been routine parts of the process for decades and costs nothing, no startup to be built here
"security startups that "monitor for corporate espionage"" imply introducing yet another third party that literally has access to all the things (or logs thereof) thereby introducing a nice fat pwn factor for everyone
makestuff 101 days ago [-]
Oh I agree it is a bad idea, but that doesn't mean it will not happen.
rl1987 101 days ago [-]
This sort of stuff already exists. The term is Data Loss Prevention.
kstrauser 101 days ago [-]
Eh. DLP’s alright when the data is neatly identifiable. Like, a social security number has a well defined format. When you get into the abstract it’s less helpful.
groby_b 101 days ago [-]
"create"?
The keyword you're looking for is "data loss prevention", it's a thriving market.
financetechbro 101 days ago [-]
A flavor of these offerings already exist in the financial compliance world
Absolutely agree, although it's around an hour's read.
Into the void I say: There's a typo on page 39 (of the PDF; the bottom of the page says 37) line 1. That item should be item 4 since it comes after another item 3.
(page 12 also has "at which the Rippling would be offering those solutions" which should probably be just "Rippling", I suspect it said "the Rippling platform" before being corrected to "Rippling" but forgetting to remove "the")
anf0 102 days ago [-]
Is it known how Rippling obtained information about D.S.' Slack activity? Does Slack provide this information or did Rippling obtain this information by running third party monitoring software on D.S.' machine?
The complaint goes into a lot of detail. Start at page 16 and read through at least page 23 if you want to understand what Ripling could discern from the spy's Slack usage.
> In part to ensure that the confidential information in Rippling’s Slack channels is used only for authorized purposes, Rippling employees’ Slack activity is “logged,” meaning every time a user views a document through Slack, accesses a Slack channel, sends a message, or conducts searches on Slack, that activity (and the associated user) is recorded in a log file.
r00fus 101 days ago [-]
Enterprise Slack - everything is audited, and searchable with appropriate permissions. Your slacks on company time or with company equipment are not private from said company.
darth_avocado 101 days ago [-]
Enterprise Anything - everything is logged and searchable in any company that has an IT dept.
42lux 101 days ago [-]
Both would be fine? It’s a corp machine. If you find the amount of data disturbing don’t look what MS365/Teams is tracking…
ivraatiems 100 days ago [-]
Agree, the entire complaint is fascinating reading. I suspect Deel's responses will mostly be "we deny everything," but any counter-arguments they make will also be very interesting.
I have to say, I think if this was just limited to the Slack previewing behavior, it's unlikely it would have been caught. Previewing Slack channels is not particularly unusual or suspicious behavior and many people, probably most, don't even think of it as being something that'd be logged. (I personally didn't think of it until reading this post, but in retrospect, of course it is. Everything is.)
Crossing the line into dumb things like Deel executives personally contacting the spy's subordinates via their personal phone numbers, which he had no way of knowing is like sending up a massive flare of weirdness. I'm not saying loyalty to one's employer is everything, or even particularly important, but if I was randomly headhunted by a C-level from a direct competitor, who I had never spoken to or expressed interest in, I'd be pretty suspicious, and I'd find it underhanded. I might mention it to someone.
Supposing the allegations are substantially true, I wonder why Deel felt comfortable going that far. Maybe underestimation of competition?
frankfrank13 102 days ago [-]
> I'm sure the CEO will try to have plausible deniability
I'm not so sure, this is very damning
duskwuff 101 days ago [-]
It certainly is damning - but there's no upside to Deel in admitting to their actions, either.
probably_wrong 101 days ago [-]
I have never heard of either company before and I'm starting to wonder whether I'm the odd one out.
For those as lost as me, a cursory look tells me that Rippling is a "Workforce management system (HR, IT, Finance)" while Deel is a "Payroll, Compliance and HR Solution".
skerit 101 days ago [-]
I use Deel to hire people internationally. It's mostly an EOR company. They promised a lot though, I once thought about moving my entire HR workflow to Deel (even for local employees), but quickly decided against it.
dablweb 101 days ago [-]
Remote.com also compete in this space, and they have a pretty good UI and customer service.
Not cheap, but worth it for sure considering how much time they save you.
xtracto 101 days ago [-]
As someone outside the US who has worked with several of those companies before. The best one for the employees was Globalization Partners. Of course they were the most expensive.
Deel is the opposite: they provide US companies with gray area (or you could even say illegal in some countries) trickstery to reduce cost of employing people.
swyx 101 days ago [-]
what kind of trickstery are we talking, and how much saving can that really get you?
My company uses it. When you work for a company that uses Rippling, you are “co- employed” by both your company and Rippling. Your company does everything as far as hiring, firing, HR, management, etc.
But as far as taxes, insurance and benefits, you “work for” Rippling. It allows small companies to have the benefits of a larger company. Your company pays the PEO per head. It also serves as an SSO provider. Another startup I worked for in the past used Insperity.
paulgb 101 days ago [-]
They have a PEO option, but FWIW they can also be used as a payroll provider / HR system (benefits access, vacation tracking, etc.) without a PEO.
scarface_74 101 days ago [-]
That’s true. I got a “termination notice” from Rippling at the beginning of the year and had to fill out a W4 directly with my company. We are still using Rippling. But I assume not as a PEO anymore
NoahKAndrews 101 days ago [-]
I hope you knew that was coming, that would be terrifying out of the blue
scarface_74 101 days ago [-]
Yeah we were warned.
mdip 101 days ago [-]
The company my employer uses, as far as I can tell, handles all of HR functions -- compliance, training, tax/payroll, benefits and the like.
mdip 101 days ago [-]
Thank you for the explanation. It's been something I've been meaning to research because I'd never encountered this before my current employer and it's become something I will actually ask about in the future.
I prefer smaller employers (500 or less) but this is pretty fantastic. I've worked for a Fortune 500 employer with a solid, expensive-but-generously-subsidized healthcare plan, a tiny employer with expensive coverage that wasn't all that great but I've never been able to select from three different providers with a few options a piece.
It was a "killer feature" for me. My family has low-to-moderate medical needs, I like HSA eligible PPOs if the deductible/cost is right. I was able to find three plans that were taken by my family's specific specialists where I could max out the HSA deduction and pay less than half what I had at the last "typical employer plan" company.
This came too late for the Dental side of things -- I would have saved a couple grand per child on braces by purchasing the "Cadillac Plan" even with the two-year lock-in. The last three employers all had plans that seemingly no dentist on Earth is "in network" for and from insurance brands I've never heard of.
There's other upsides -- working at BigCo, we received various discounts at specific car rental companies/hotel chains that the company negotiated discounted rates in exchange for preference for business travel.
I haven't looked into what my company is doing, fully, yet, but it sounds like we have a subset of some of those features, too. We're around 150-200 people (I think) but this is the most comprehensive and reasonably priced benefits offering I've ever seen.
justinc8687 101 days ago [-]
I personally use Deel so that as a one-person company I can access large group benefits. Using their EOR saves me about $5000/year on health insurance compared to an ACA policy.
sroussey 101 days ago [-]
I have used TriNet for similar purposes in the past.
jddj 101 days ago [-]
Who covers the PI in these cases?
Edit: noticed you said insurances, is PI included?
scarface_74 101 days ago [-]
What’s PI?
101 days ago [-]
fireburning 100 days ago [-]
private investigation of the luggage villains that can induce pain in your right chest
jddj 100 days ago [-]
Professional indemnity
jeanlucas 101 days ago [-]
I don't know Rippling, but Deel is widely adopted over here in Brazil for startups hiring international workers.
pkilgore 101 days ago [-]
Be thankful you've never heard of Deel. It's the worst PEO I've ever used, by an extremely wide margin, having used 3 others.
101 days ago [-]
jacobsenscott 101 days ago [-]
If you've never worked at a company that uses rippling or deel you wouldn't. They are niche HR tools, mostly targeting smaller companies.
csomar 100 days ago [-]
If you don't hire (or are hired) internationally (across jurisdictions), then it makes sense if you have never heard of them.
101 days ago [-]
skizm 101 days ago [-]
The best part about this story is the spy, when asked to hand over his phone, decided to hide in the bathroom and lock himself in before storming out of the building refusing to hand it over.
> On March 12, Rippling sought and obtained an order from Ireland’s High Court to seize the alleged spy’s phone. When served, the purported spy feigned compliance before “hiding in the bathroom and then fleeing the scene,” the complaint says.
jacobsenscott 101 days ago [-]
This is gold, and hilarious. I get why someone would "spy" on rippling for money, but my god, don't use a phone. And why would you even need to be on prem to do this kind of spying? There are so many better ways.
The_Blade 101 days ago [-]
Fontaines H.C.
PhillyPhuture 101 days ago [-]
The VCs in DEEL (per Crunchbase):
Y Combinator
Andreessen Horowitz
SV Angel
General Catalyst
Spark Capital
Soma Capital
Coatue
Quiet Capital
AltaIR Capital
Elad Gil
Franklin Templeton
Alexis Ohanian
Four Cities Capital
Emerson Collective
Justin Mateen
Lachy Groom
Neo
Altimeter Capital
Mubadala
La Famiglia
Nat Friedman
Sinai Capital Partners
Firebolt Ventures
Y Combinator Continuity Fund
Daniel Gross
BAM Elevate
Avichal Garg
Incisive Ventures
Ryan Petersen
Darian Shirazi
Counterpart Advisors
Worklife
Weekend Fund
Recursive Ventures
William Hockey
Green Bay Ventures
Esas Ventures
Jeffrey Wilke
Roosh Ventures
Cem Garih
Fresh Ventures
Dara Khosrowshahi
Nick Raushenbush
Jeffrey Katzenberg
Bouaziz & Partners
Alexandre Scialom
Ben Lang
Vinay Hiremath
Rex Salisbury
Terrance McArthur
Pierre Bi
John Zimmer
Anthony Schiller
Talal Chedid
Raed Malek
groby_b 101 days ago [-]
OK, but why is this relevant?
theoryofx 101 days ago [-]
This is the logical conclusion of companies with undifferentiated crapware products that compete using aggressive sales teams.
Sales driven companies are all corrupt and corrupting. This kind of espionage is common, as is outright bribery of buyers.
gkoberger 101 days ago [-]
I can't believe I'm about to defend a HR payroll systems.... but I wouldn't call Rippling or Deel "crapware". We use both; they're boring but necessary products, and they do their job well.
[Edit: Added Deel, since we use both! Also hello to the Rippling salesperson who is reading this and is about to reach out to me to convince us to switch.]
LoganDark 101 days ago [-]
I think it's Deel that they're calling crapware, because they have to resort to such practices as these
gkoberger 101 days ago [-]
We use Deel, too, and it's not "crap" either. It's boring but that's somewhat the point... how "differentiated" can a payroll system get?
(Also, it's hard to call Deel undifferentiated since they were first to market on this product.)
groby_b 101 days ago [-]
If you have a reasonably competent sales team, you don't need "spying", you just ask the customers about their experience with the competitor.
Any reasonably company both shops around and is happy to throw one provider under any number of buses if it gets them a better deal with another provider.
The_Blade 101 days ago [-]
never spy on your competition using your company email
Remember that Israeli companies, including Deel, are mostly founded by members of Unit 8200 who are literal spies. These folks have their formative technical experience being spying on Palestinians in order to keep the occupation going.
Simple rule of thumb is never trust an Israeli company with your data or your customers' data.
sorokod 101 days ago [-]
Any specific reason you believe that Deel was founded by spies or is your statement based on some general principle?
> How did Deel start? What’s your story?
I'm originally from France. I lived in Israel, the U.K., the U.S., and Spain. Similarly, my co-founder, Shuo, was born and raised in Beijing. -Alex Bouaziz
pbiggar 99 days ago [-]
From wikipedia: "Deel Inc. is an Israeli-American outsourcing and human resources company,[3] based in San Francisco, California"
Deel is the worst. I had to use them to be paid as a contractor. This was ok for about two years. Then Deel decided it wanted to force everyone to be paid using their Deel Wallet, a stored balance visa card. The terms and conditions of the Deel Wallet would force arbitration, allowed arbitrary changes to deposit and withdrawal terms and came with a $1000 penalty of one should choose to file a legal claim against Deel Wallet..
ridruejo 102 days ago [-]
As the old saying goes … “The fact that you are paranoid doesn’t mean they are not out there to get you”
fireburning 100 days ago [-]
who says that? i have never heard the saying
maybe the they got to the paranoid and induced chest pains so they could never share their saying?
> Mitchell was the wife of John Mitchell, United States Attorney General in the Nixon administration. When she alleged that White House officials were engaged in illegal activities, her claims were attributed to mental illness. Ultimately, however, the facts of the Watergate scandal vindicated her and garnered her the label "The Cassandra of Watergate".
jeffdotdev 101 days ago [-]
We had about 75 people hired through deel at one point. I actually complained to them because they were reaching out to my people inviting them to "Deel Events" and sending them marketing emails.
Deel is just another tech company that thinks they're entitled to data, you're just a user to them. I hope Rippling wins, and that management team gets put in their place.
In the mean time, I'm back to setting up local entities. They took a great idea and ruined trust. When I called them on it they just gave me corporate gaslighting.
pbiggar 101 days ago [-]
We use Plane.com, as they are one of the few companies that support hiring in Palestine. Deel doesn't even list Palestine on their countries page, which tells you a lot about their ethics.
JustSkyfall 100 days ago [-]
It’s nice to see folks in the YC community actually care about genocide for sure :)
akoculu 100 days ago [-]
Incredible. So they're openly supporting genocide of Palestinians?
anonu 100 days ago [-]
Off topic but since we're talking about deel: how terrible is it to deal with deel?
I've been on employer side of things and it seems like any exceptions to the rigid workflow breaks the entire process. Customer service is completely helpless in solving your problems. Bugs in the UI persist for years. Random emails asking you to complete tasks for long offboarded contractors.
What a load of junk.
warp 100 days ago [-]
As a contractor being paid through deel, I don't have any issues, and it's much more convenient for me than what my employer used before. Useful features have been added over the past few years, though I don't like the most recent UI refresh.
I can have multiple accounts in different countries, and configure percentages to be paid out automatically to each of my bank accounts. European tranfers typically arrive almost instantly, to Ecuador typically arrive the next day, sometimes the same day. It's all fairly convenient.
ksynwa 101 days ago [-]
I am curious how they got suspicious of a potential spy in the first place.
ToValueFunfetti 101 days ago [-]
A journalist using private slack messages as a source reached out for comment on the story.
LoganDark 101 days ago [-]
In the actual filing, it is shown that a journalist was in possession of screenshots of internal Rippling Slack messages, which is what prompted the investigation.
frankfrank13 102 days ago [-]
Honestly insane if this ends up being true. Companies of course do research on their competitors, often leaning on employees who have left, current customers, investors, etc. But how [if true] Deel RECRUITED A SPY is so far beyond what anyone in 2025 should deem normal.
frankfrank13 102 days ago [-]
Some banks/hedge funds/PE firms etc have ENTIRE internal groups dedicated to figuring out what their competitors are doing. Thats basic game theory! This is not that, and that anyone at Deel thought they would get away with this (if true) is nuts.
winterbloom 101 days ago [-]
why shouldn't this fall under "all's fair in love and war"
relistan 101 days ago [-]
In many countries, the theft of trade secrets is a serious crime. In the US, for example, it carries a penalty of up to 10 years in prison and a $5M fine. It’s unclear to me why this is a civil suit. It may have to do with the alleged activity taking place overseas.
ianhawes 101 days ago [-]
It's a civil suit now, but has most likely been referred to the DOJ and US Attorney's Office for criminal investigation.
Best case scenario for Rippling: within 6 months the Deel board boots out the CFO & CEO. Shortly thereafter, several people involved on the U.S. side (and potentially their Irish spy) will be indicted for criminal violations of the Economic Espionage Act (notably Rippling has sued Deel for violating the Defend Trade Secrets Act, which provides for civil remedies). In their lawsuit, Rippling has classified their Sales and Marketing Strategy as "trade secrets" which is something that Deel will dispute given that marketing is inherently public. How that plays out criminally is another story, but chances are once the FBI digs into the Deel internal messages, they will find incriminating evidence. 1 or 2 of the Deel executives will plead guilty to conspiracy charges and get 1 year and 1 day. Deel, the corporation entity, will enter into a deferred prosecution agreement.
It's buried in the lawsuit, but Deel is implicated in sending payments overseas to Russia ostensibly in violation of international sanctions. In the Biden administration, this would have definitely interested a US Attorney, but not so much in this administration. Whether it has changed Rippling's strategy vis-à-vis best way to hurt Deel is another story. Perhaps they saw the possibility of Deel not facing punishment or press coverage over the Russia sanctions issue precisely because of the administration change and decided to play their other card: a spy.
Best case scenario for Deel: they covered their tracks internally by using auto-deleting Signal and theres no actual evidence of executives dictating what their alleged spy should be doing. They settle the lawsuit for several million dollars and politely apologize to Parker. Maybe there is a countersuit somewhere? Rippling has pursued this aggressively and confidently which hints that maybe there is some level of projection (i.e. they also had a spy in Deel). As for the criminal charges, if it gets to the point of an indictment of a C-level person, they will have lost, so Deel will need to hope someone low level was involved to pin it on.
baskinator 101 days ago [-]
> Rippling has pursued this aggressively and confidently which hints that maybe there is some level of projection (i.e. they also had a spy in Deel).
Sounds like this came from Deel's PR team. Care to elaborate?
This type of baseless accusation reeks like what Zenefits did to Conrad.
andrelaszlo 101 days ago [-]
Where, then, do you draw the line? I don't get your comment lol. Kidnapping is fair, as long as it's a competitor?
You're probably joking but it's hard to tell with all the "contrarians" and "devil's advocates" out there.
ksynwa 101 days ago [-]
Because that is not a statute
101 days ago [-]
no_wizard 101 days ago [-]
I don’t feel sorry for corporations being spied on by each other. They do this to their own employees to exert control and the general public to make a buck all the time.
I couldn’t care less about this. Honestly the shit corporations pull on the daily in 2025 shouldn’t be considered normal.
Why should I be worked up about this?
no_wizard 101 days ago [-]
Anyone want to take a stab at actually answering my question and giving me any reason to change my view?
Eridrus 100 days ago [-]
Because it creates bad incentives and workplaces.
Nobody likes the conditions working in places that have to take counterintelligence seriously.
no_wizard 100 days ago [-]
>Because it creates bad incentives and workplaces
There are already bad incentives and workplaces. They exist irregardless of this. What exactly does it create in this regard?
>Nobody likes the conditions working in places that have to take counterintelligence seriously.
Is there any backing evidence that can be produced about this assertion?
Counter intelligence is also fairly vague and could mean a wide variety of things. Is there any specifics?
Eridrus 100 days ago [-]
You can probably think of some yourself. Or you can continue being obtuse, up to you.
flas9sd 101 days ago [-]
for anyone wanting the Matt Levine delivery on this, it was in his Newsletter yesterday under "Spies in the Sales Slack"
> who also heard D.S. flush the toilet — suggesting that D.S. may have attempted to flush his phone down the toilet rather than provide it for inspection. Later that day, Rippling had the plumbing of its Dublin offices inspected, but did not locate any mobile devices.
I really have a boring life...
shadowtree 101 days ago [-]
I love how Cyberpunk is becoming real.
Black ICE, netrunners and rogue AIs will soon be added to the mix.
Off to re-read Neuromancer, so far ahead of its time.
ilrwbwrkhv 101 days ago [-]
If I was young and single I would totally polish my cybersecurity stuff and offer my services to company to hack into other companies.
With vibe coding and all of these things becoming more popular it's a dream career for the next 10 to 20 years for a cyber security dev.
Hammerhead12321 101 days ago [-]
Isn’t that a crime..?
ilrwbwrkhv 101 days ago [-]
simple script kiddie attacks that stopped working in the mid 2000's will suddenly work again for awhile until the Gen AI's "learn" how to write secure code. And by "learn" I mean that should probably stop scraping Stackoverflow comments and using it as a source of truth on how something should be done.
firefax 101 days ago [-]
script kiddies don't use buffer overflows, script kiddies try the top 20 most popular passwords and deface your wordpress. AI might learn to code in rust or whatever, but you'll forever have the human factor inherent in systems administration that makes skidding a valid tactic.
csomar 100 days ago [-]
Get paid in crypto and settle in some out-of-law jurisdiction?
ok_dad 101 days ago [-]
Jesus H. Christ, people are taking the wrong idea from those types of stories! Those are cautionary tales of giving corporations too much power, and letting them take over the government. These stories are meant to show that when a sociopathic entity (a corp), which has one goal of profit above all else, is given power then it will use it without considering the human effects. This type of story isn't even prescient, most of them were written in a way that simply shines a light onto things that today's corps are already doing!
These writers weren't trying to excite you, they were trying to warn you. I'm having existential dread that people want to see cyberpunk-like things come to reality.
fireburning 100 days ago [-]
lmao AI can't even do a single task without being begged like a feudal lord
jedberg 101 days ago [-]
Interestingly both are YC companies. Maybe YC can sort it out for them!
ahstilde 101 days ago [-]
This one is probably above 99% of investors' payroll
jedberg 101 days ago [-]
Oh for sure, I was being tounge-in-cheek.
fireburning 100 days ago [-]
time for the most favored activity in the USA: fight clubbbbbbb
phpnode 101 days ago [-]
@dang is this story getting flagged? It's appeared under various links in the last 24hrs and does not appear to have ever hit the front page despite a bunch of upvotes. This story seems relevant to HN, and given the policy of careful moderation of stories related to YC-companies perhaps it deserves a spot in the another-chance queue?
101 days ago [-]
pbiggar 101 days ago [-]
[flagged]
pilingual 101 days ago [-]
I still can't understand how YC funds competing companies. Where is the efficiency in that? You have your portfolio companies wasting time with (alleged) spies and lawsuits.
They say they just admit smart people. So 3 friends from MIT get in to YC, and at the first office hours said friends tell the YC partners they are working on a startup that starts startups. Awkward.
Deel was founded in 2019 and, in Rippling's opinion, began competing with Rippling in 2022.
Centigonal 101 days ago [-]
Rippling and Deel started by addressing different markets. They converged when they realized that there is a need for comprehensive payroll and people management software that's integrated with services like PEO and international staffing.
phpnode 101 days ago [-]
It’s rarely a case of winner takes all, and in this specific scenario both companies have grown into billion dollar valuations. Seems like it’s working for them, ignoring all the lawsuits
pilingual 101 days ago [-]
I've learned that no one at YC saw this coming. My bad.
Also I thought YC was supposed to sniff out jerks, what happened to that?
My point was merely that YC is about startups which are all about growth. There is no requirement for innovation. Maybe there should be more scrutiny on the idea of the founders. Don't let in people just because they are formidable and went to Berkeley. Reddit's original idea, ordering via cell phone, was arguably innovative for the pre-smartphone era.
borski 101 days ago [-]
> Also I thought YC was supposed to sniff out jerks, what happened to that?
Did you also think YC was perfect?
pilingual 100 days ago [-]
No, but this is a huge oversight on character judgement.
There's a history of gloating here. So much so they named a podcast "The Social Radars."
Back to the point: they should consider re-evaluating their admission process. Heads down coding, talking with users, selling -- choose two. https://www.youtube.com/watch?v=Gt9dnFp1M0E
firefax 101 days ago [-]
>I still can't understand how YC funds competing companies. Where is the efficiency in that?
I thought that's a core tenet of angel investing? Maybe not purposefully funding rivals, but funding many ventures with the knowledge many will fail while a few rise.
101 days ago [-]
bschmidt67 101 days ago [-]
[dead]
barbazoo 101 days ago [-]
> Deel tried to charge my employee a fee to get paid on time
I used to be employed through Deel and that doesn't ring a bell, how did they charge the employee for getting paid on time?
No, they won’t. They’ll hold the pay stub for 1-3 days. Your payment happens on pay day.
misiti3780 101 days ago [-]
getting downvoted for asking a question ... cool
unknownab12 100 days ago [-]
[dead]
102 days ago [-]
americandev 102 days ago [-]
[flagged]
anonymoustrolol 102 days ago [-]
Isn't this like the third lawsuit Rippling has put up against Deel. There was one for some church thing end of last year, and they made a big stink in 2023 when regulations on prop trading shops changed.
If the allegations are true, it's insane. But also feels a bit boy cried wolf.
blandcoffee 102 days ago [-]
Did you read the complaint?
If the honeypot description is accurate, the wolf is real. The below is from section 5 of their complaint [1]:
> Rippling’s General
Counsel sent a legal letter to Deel’s senior leadership identifying a recently established Slack
channel called “d-defectors,”
> In reality, the “d-defectors” channel
was not used by Rippling employees and contained no discussions at all. It had never been searched
for or accessed by the spy, would not have come up in any of the spy’s previous searches, and the
spy had no legitimate reason to access the channel. Crucially, this legal letter was only sent to three
recipients, all associated with Deel: Deel’s Chairman, Chief Financial Officer, and General Counsel
(Philippe Bouaziz), Deel’s Head of U.S. Legal (Spiros Komis), and Deel’s outside counsel. Neither
the letter nor the #d-defectors channel was known to anyone outside of Rippling’s investigative team
and the Deel recipients. Yet, just hours after Rippling sent the letter to Deel’s executives and
counsel, Deel’s spy searched for and accessed the #d-defectors channel
I know, insane if true. But it seems like Parker is pretty litigious these days, and I guess feels like he's losing? There was a very cringe snake game a couple of months ago where the Deel logo was a snake, which leads me to believe he's not fighting from the point of strength.
May fav part: "D.S. was heard ‘doing something’ on his phone by the independent solicitor, who also heard D.S. flush the toilet— suggesting that D.S. may have attempted to flush his phone down the toilet rather than provide it for inspection."
llamaimperative 101 days ago [-]
Maybe vibes isn’t the best way to interpret the goings on in the world
whbboyd 101 days ago [-]
We have exactly one piece of data on this case right now, which is the filed legal complaint. As a parody of corporate espionage, it's excellent, but as a piece of evidence… I would treat it with about the same seriousness as a parody of corporate espionage. Rippling has some incentive not to lie outright, but none whatsoever not to exaggerate the living heck out of everything. And so that leaves us with one unreliable document, and general background information on the parties, or "vibes" as you dismiss it. And the general background is that Rippling is litigious and clearly has a preexisting axe to grind with Deel.
lcnPylGDnU4H9OF 101 days ago [-]
> Rippling has some incentive not to lie outright, but none whatsoever not to exaggerate the living heck out of everything.
What could have been exaggerated in the honeypot story? That seems pretty damning and they would be able to provide evidence to back it up (e.g. Slack access logs and the email).
Rendered at 12:33:49 GMT+0000 (Coordinated Universal Time) with Vercel.
There is extremely damning evidence that this unnamed individual ("D.S.") in Ireland was acting at the behest of Deel senior leadership, including:
- the COO of deel reached out to a rippling payroll manager on linkedin to recruit them. The rippling employee didn't respond. Shortly thereafter, D.S. pulled up that employees personnel record in the HR system that has their unlisted phone number. Shortly after THAT, the COO of deel reached back out to that employee via WhatsApp and that phone number.
- The information was about to publish a story about Deel potentially violating sanctions. New information in the article was that at least one of the customers involved was a company called "tinybird". No one at rippling was aware that this company even existed, but a week BEFORE the article came out, but after the reporter had been asking questions of Deel, D.S. started searching Slack for "tinybird" (and there were no other searches of "tinybird" across the whole company)
- Around the same time, the reporter for the information reached out to rippling and had internal Rippling slack messages about potential similar sanctions violations. A short time before that happened, D.S. was suddenly searching for "russia", "sanctions", "iran", etc.
- There was an email between D.S. and the ceo of Deel, along with an introduction to someone from the family VC fund.
- And then, of course, the honeypot - a fake channel, fake chats from the Rippling CRO, but the chats had real stories that former Deel employees had alleged. Email sent to only the CEO of Deel, his dad/chairman of the board, and their GC. Just a short time later, D.S. was searching for the fake channel, trying to find it, adn trying to find these chat messages.
I'm sure the CEO will try to have plausible deniability, that it was someone else in his org that he delegated investigating these things to, he had no idea, etc. But if they can get D.S. to crack and share the details of what happened, I think it will be tough to toe that line.
> So, to confirm Deel’s involvement, Rippling’s General Counsel sent a legal letter to Deel’s senior leadership identifying a recently established Slack channel called “d-defectors,” in which (the letter implied) Rippling employees were discussing information that Deel would find embarrassing if made public. In reality, the “d-defectors” channel was not used by Rippling employees and contained no discussions at all. ... Yet, just hours after Rippling sent the letter to Deel’s executives and counsel, Deel’s spy searched for and accessed the #d-defectors channel—proving beyond any doubt that Deel’s top leadership, or someone acting on their behalf, had fed the information on the #d-defectors channel to Deel’s spy inside Rippling.
I am sending legal letter to someone warning them that I have dirt on them AND am also mentioning where the dirt is. And that didn't ring any warning bells to Deel's management? Just wow, if true. If they are truly this incompetent, they have no business doing corporate espionage.
Presumably it was a letter on another topic say an accusation about Rippling poaching Deel’s employees.
Rippling’s legal counsel sends a letter back saying “we aren’t poaching, there are plenty of Deel employees are looking to leave based on posts to Twitter and Slack discussions such as those in the “d-defector” channel.”
He was clearly willing to take risks.
I suspect that criminality is correlated with stupidity, but that doesn't make all criminals stupid.
E.g. scammers based in non-extradition territories may be making a savvy career choice, if we ignore matters of conscience.
I have insufficient information to assess the level of risk, but I believe corporate espionage has been successful in the past (hello cold war, hello China).
These particular people may have dropped a bollock, but that doesn't mean that crime cannot pay.
"security startups that "monitor for corporate espionage"" imply introducing yet another third party that literally has access to all the things (or logs thereof) thereby introducing a nice fat pwn factor for everyone
The keyword you're looking for is "data loss prevention", it's a thriving market.
Really worth the full read.
Absolutely agree, although it's around an hour's read.
Into the void I say: There's a typo on page 39 (of the PDF; the bottom of the page says 37) line 1. That item should be item 4 since it comes after another item 3.
(page 12 also has "at which the Rippling would be offering those solutions" which should probably be just "Rippling", I suspect it said "the Rippling platform" before being corrected to "Rippling" but forgetting to remove "the")
> In part to ensure that the confidential information in Rippling’s Slack channels is used only for authorized purposes, Rippling employees’ Slack activity is “logged,” meaning every time a user views a document through Slack, accesses a Slack channel, sends a message, or conducts searches on Slack, that activity (and the associated user) is recorded in a log file.
I have to say, I think if this was just limited to the Slack previewing behavior, it's unlikely it would have been caught. Previewing Slack channels is not particularly unusual or suspicious behavior and many people, probably most, don't even think of it as being something that'd be logged. (I personally didn't think of it until reading this post, but in retrospect, of course it is. Everything is.)
Crossing the line into dumb things like Deel executives personally contacting the spy's subordinates via their personal phone numbers, which he had no way of knowing is like sending up a massive flare of weirdness. I'm not saying loyalty to one's employer is everything, or even particularly important, but if I was randomly headhunted by a C-level from a direct competitor, who I had never spoken to or expressed interest in, I'd be pretty suspicious, and I'd find it underhanded. I might mention it to someone.
Supposing the allegations are substantially true, I wonder why Deel felt comfortable going that far. Maybe underestimation of competition?
I'm not so sure, this is very damning
Not cheap, but worth it for sure considering how much time they save you.
Deel is the opposite: they provide US companies with gray area (or you could even say illegal in some countries) trickstery to reduce cost of employing people.
https://www.rippling.com/peo
My company uses it. When you work for a company that uses Rippling, you are “co- employed” by both your company and Rippling. Your company does everything as far as hiring, firing, HR, management, etc.
But as far as taxes, insurance and benefits, you “work for” Rippling. It allows small companies to have the benefits of a larger company. Your company pays the PEO per head. It also serves as an SSO provider. Another startup I worked for in the past used Insperity.
I prefer smaller employers (500 or less) but this is pretty fantastic. I've worked for a Fortune 500 employer with a solid, expensive-but-generously-subsidized healthcare plan, a tiny employer with expensive coverage that wasn't all that great but I've never been able to select from three different providers with a few options a piece.
It was a "killer feature" for me. My family has low-to-moderate medical needs, I like HSA eligible PPOs if the deductible/cost is right. I was able to find three plans that were taken by my family's specific specialists where I could max out the HSA deduction and pay less than half what I had at the last "typical employer plan" company.
This came too late for the Dental side of things -- I would have saved a couple grand per child on braces by purchasing the "Cadillac Plan" even with the two-year lock-in. The last three employers all had plans that seemingly no dentist on Earth is "in network" for and from insurance brands I've never heard of.
There's other upsides -- working at BigCo, we received various discounts at specific car rental companies/hotel chains that the company negotiated discounted rates in exchange for preference for business travel.
I haven't looked into what my company is doing, fully, yet, but it sounds like we have a subset of some of those features, too. We're around 150-200 people (I think) but this is the most comprehensive and reasonably priced benefits offering I've ever seen.
Edit: noticed you said insurances, is PI included?
> On March 12, Rippling sought and obtained an order from Ireland’s High Court to seize the alleged spy’s phone. When served, the purported spy feigned compliance before “hiding in the bathroom and then fleeing the scene,” the complaint says.
Y Combinator Andreessen Horowitz SV Angel General Catalyst Spark Capital Soma Capital Coatue Quiet Capital AltaIR Capital Elad Gil Franklin Templeton Alexis Ohanian Four Cities Capital Emerson Collective Justin Mateen Lachy Groom Neo Altimeter Capital Mubadala La Famiglia Nat Friedman Sinai Capital Partners Firebolt Ventures Y Combinator Continuity Fund Daniel Gross BAM Elevate Avichal Garg Incisive Ventures Ryan Petersen Darian Shirazi Counterpart Advisors Worklife Weekend Fund Recursive Ventures William Hockey Green Bay Ventures Esas Ventures Jeffrey Wilke Roosh Ventures Cem Garih Fresh Ventures Dara Khosrowshahi Nick Raushenbush Jeffrey Katzenberg Bouaziz & Partners Alexandre Scialom Ben Lang Vinay Hiremath Rex Salisbury Terrance McArthur Pierre Bi John Zimmer Anthony Schiller Talal Chedid Raed Malek
Sales driven companies are all corrupt and corrupting. This kind of espionage is common, as is outright bribery of buyers.
[Edit: Added Deel, since we use both! Also hello to the Rippling salesperson who is reading this and is about to reach out to me to convince us to switch.]
(Also, it's hard to call Deel undifferentiated since they were first to market on this product.)
Any reasonably company both shops around and is happy to throw one provider under any number of buses if it gets them a better deal with another provider.
hilarity ensues
Simple rule of thumb is never trust an Israeli company with your data or your customers' data.
In general though, what would you expect from young people who spent years in high-tech heavy SIGINT unit to do?
https://en.wikipedia.org/wiki/Deel_Inc.
> How did Deel start? What’s your story? I'm originally from France. I lived in Israel, the U.K., the U.S., and Spain. Similarly, my co-founder, Shuo, was born and raised in Beijing. -Alex Bouaziz
Also, they're listed on https://www.israelitechalternatives.com/company/deel/
maybe the they got to the paranoid and induced chest pains so they could never share their saying?
> Mitchell was the wife of John Mitchell, United States Attorney General in the Nixon administration. When she alleged that White House officials were engaged in illegal activities, her claims were attributed to mental illness. Ultimately, however, the facts of the Watergate scandal vindicated her and garnered her the label "The Cassandra of Watergate".
Deel is just another tech company that thinks they're entitled to data, you're just a user to them. I hope Rippling wins, and that management team gets put in their place.
In the mean time, I'm back to setting up local entities. They took a great idea and ruined trust. When I called them on it they just gave me corporate gaslighting.
I've been on employer side of things and it seems like any exceptions to the rigid workflow breaks the entire process. Customer service is completely helpless in solving your problems. Bugs in the UI persist for years. Random emails asking you to complete tasks for long offboarded contractors.
What a load of junk.
I can have multiple accounts in different countries, and configure percentages to be paid out automatically to each of my bank accounts. European tranfers typically arrive almost instantly, to Ecuador typically arrive the next day, sometimes the same day. It's all fairly convenient.
Best case scenario for Rippling: within 6 months the Deel board boots out the CFO & CEO. Shortly thereafter, several people involved on the U.S. side (and potentially their Irish spy) will be indicted for criminal violations of the Economic Espionage Act (notably Rippling has sued Deel for violating the Defend Trade Secrets Act, which provides for civil remedies). In their lawsuit, Rippling has classified their Sales and Marketing Strategy as "trade secrets" which is something that Deel will dispute given that marketing is inherently public. How that plays out criminally is another story, but chances are once the FBI digs into the Deel internal messages, they will find incriminating evidence. 1 or 2 of the Deel executives will plead guilty to conspiracy charges and get 1 year and 1 day. Deel, the corporation entity, will enter into a deferred prosecution agreement.
It's buried in the lawsuit, but Deel is implicated in sending payments overseas to Russia ostensibly in violation of international sanctions. In the Biden administration, this would have definitely interested a US Attorney, but not so much in this administration. Whether it has changed Rippling's strategy vis-à-vis best way to hurt Deel is another story. Perhaps they saw the possibility of Deel not facing punishment or press coverage over the Russia sanctions issue precisely because of the administration change and decided to play their other card: a spy.
Best case scenario for Deel: they covered their tracks internally by using auto-deleting Signal and theres no actual evidence of executives dictating what their alleged spy should be doing. They settle the lawsuit for several million dollars and politely apologize to Parker. Maybe there is a countersuit somewhere? Rippling has pursued this aggressively and confidently which hints that maybe there is some level of projection (i.e. they also had a spy in Deel). As for the criminal charges, if it gets to the point of an indictment of a C-level person, they will have lost, so Deel will need to hope someone low level was involved to pin it on.
Sounds like this came from Deel's PR team. Care to elaborate?
This type of baseless accusation reeks like what Zenefits did to Conrad.
You're probably joking but it's hard to tell with all the "contrarians" and "devil's advocates" out there.
I couldn’t care less about this. Honestly the shit corporations pull on the daily in 2025 shouldn’t be considered normal.
Why should I be worked up about this?
Nobody likes the conditions working in places that have to take counterintelligence seriously.
There are already bad incentives and workplaces. They exist irregardless of this. What exactly does it create in this regard?
>Nobody likes the conditions working in places that have to take counterintelligence seriously.
Is there any backing evidence that can be produced about this assertion?
Counter intelligence is also fairly vague and could mean a wide variety of things. Is there any specifics?
Or, if that one hits you with a paywall, https://kill-the-newsletter.com/feeds/q8hb21183k12fmnv/entri... should work for a few days.
I really have a boring life...
Black ICE, netrunners and rogue AIs will soon be added to the mix.
Off to re-read Neuromancer, so far ahead of its time.
With vibe coding and all of these things becoming more popular it's a dream career for the next 10 to 20 years for a cyber security dev.
These writers weren't trying to excite you, they were trying to warn you. I'm having existential dread that people want to see cyberpunk-like things come to reality.
They say they just admit smart people. So 3 friends from MIT get in to YC, and at the first office hours said friends tell the YC partners they are working on a startup that starts startups. Awkward.
Deel was founded in 2019 and, in Rippling's opinion, began competing with Rippling in 2022.
Also I thought YC was supposed to sniff out jerks, what happened to that?
My point was merely that YC is about startups which are all about growth. There is no requirement for innovation. Maybe there should be more scrutiny on the idea of the founders. Don't let in people just because they are formidable and went to Berkeley. Reddit's original idea, ordering via cell phone, was arguably innovative for the pre-smartphone era.
Did you also think YC was perfect?
There's a history of gloating here. So much so they named a podcast "The Social Radars."
Back to the point: they should consider re-evaluating their admission process. Heads down coding, talking with users, selling -- choose two. https://www.youtube.com/watch?v=Gt9dnFp1M0E
I thought that's a core tenet of angel investing? Maybe not purposefully funding rivals, but funding many ventures with the knowledge many will fail while a few rise.
I used to be employed through Deel and that doesn't ring a bell, how did they charge the employee for getting paid on time?
If the allegations are true, it's insane. But also feels a bit boy cried wolf.
If the honeypot description is accurate, the wolf is real. The below is from section 5 of their complaint [1]:
> Rippling’s General Counsel sent a legal letter to Deel’s senior leadership identifying a recently established Slack channel called “d-defectors,”
> In reality, the “d-defectors” channel was not used by Rippling employees and contained no discussions at all. It had never been searched for or accessed by the spy, would not have come up in any of the spy’s previous searches, and the spy had no legitimate reason to access the channel. Crucially, this legal letter was only sent to three recipients, all associated with Deel: Deel’s Chairman, Chief Financial Officer, and General Counsel (Philippe Bouaziz), Deel’s Head of U.S. Legal (Spiros Komis), and Deel’s outside counsel. Neither the letter nor the #d-defectors channel was known to anyone outside of Rippling’s investigative team and the Deel recipients. Yet, just hours after Rippling sent the letter to Deel’s executives and counsel, Deel’s spy searched for and accessed the #d-defectors channel
[1] https://rippling2.imgix.net/Complaint.pdf
May fav part: "D.S. was heard ‘doing something’ on his phone by the independent solicitor, who also heard D.S. flush the toilet— suggesting that D.S. may have attempted to flush his phone down the toilet rather than provide it for inspection."
What could have been exaggerated in the honeypot story? That seems pretty damning and they would be able to provide evidence to back it up (e.g. Slack access logs and the email).