ByteDance’s Trae IDE Under Fire: AI Coding Tool Caught Telemetry Spying Even After Opt-Out
Ddos 
Trae IDE, an AI-powered programming tool and integrated development environment (IDE) developed by ByteDance, has recently come under scrutiny on GitHub, where developers have raised concerns regarding both performance inefficiencies and potential privacy violations. Although users are ostensibly granted the option to disable telemetry, it appears that Trae IDE continues transmitting data even when this feature is turned off.
The primary performance issue stems from the IDE’s excessive integration overhead. Built upon Microsoft Visual Studio Code, Trae IDE was observed to launch 33 processes and consume 5.7 GB of memory when loading an identical codebase. In comparison, Microsoft’s Visual Studio Code required only 9 processes and 0.9 GB of memory, while Cursor AI needed just 11 processes and 1.9 GB—making Trae IDE’s resource consumption appear significantly inflated.
This conspicuous inefficiency did not go unnoticed by the developer community. In response, the Trae IDE team acknowledged the issue and released version 2.0.2, which brought substantial improvements. The number of processes was reduced from 33 to 13, and memory usage was brought down to 2.5 GB—demonstrating a marked optimization.
However, concerns surrounding data collection and telemetry remain. Upon launch, Trae IDE establishes connections to ByteDance servers and continuously uploads telemetry data under the pretext of improving user experience through behavioral analytics. The IDE maintains persistent communication with multiple domains, transmitting logs in the background.
A developer who attempted to disable telemetry within the settings discovered that doing so had no effect. Rather than decreasing network activity, the IDE intensified its requests to batch collection nodes. Even after disabling telemetry, logs were generated at a rapid pace, with individual data batches reaching as large as 53,606 bytes.
When a sufficient volume of telemetry logs had accumulated, Trae IDE resumed uploading them to the server. During active usage, the IDE established approximately 500 connections within seven minutes, transferring around 26 MB of data. This figure would likely increase dramatically over prolonged use.
Notably, when the developer raised these concerns in the Trae IDE Discord channel, they were unceremoniously blacklisted. Mentioning the keyword “tracking” automatically triggered a seven-day mute, a policy that applied universally to any user invoking the term. This punitive response left the developer frustrated and bewildered.
It is worth clarifying that Trae IDE communicates with servers operated by ByteDance’s international subsidiary, not with servers located in mainland China. Given that the international and Chinese editions of Trae IDE are maintained separately, the distinction in data storage appears to be a deliberate and reasonable design choice.
In summary, while the recent version of Trae IDE has made tangible progress in resolving its memory consumption issues, the persistent telemetry behavior and the questionable silencing of users who raise legitimate concerns leave much to be desired.
Related Posts:
- OpenAI Services Hit by Major Outage Due to Telemetry Service Deployment
- CVE-2024-3400 (CVSS 10): Critical 0-Day Flaw in Palo Alto Networks Firewall Software Exploited in the Wild
- Google Firebase Studio Launches as AI-Powered IDE Rival to Cursor AI
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
