ByteDance’s Trae IDE sends 26MB of user data to China despite opt-out

A developer has discovered that ByteDance’s Trae AI-powered IDE continues collecting extensive user data and sending it to Chinese servers, even when users disable telemetry settings. The findings raise significant privacy and security concerns about data sovereignty, particularly given ByteDance’s persistent data collection despite user preferences and the lack of transparency about what information is being gathered.

What you should know: Trae’s telemetry toggle appears to be non-functional, with data collection continuing regardless of user settings.

• A GitHub report documented around 500 network calls in just seven minutes, transferring approximately 26MB of data to ByteDance servers on the byteoversea[.]com domain.
• The AI-powered IDE, marketed as a free alternative to Cursor, uses GPT-4o and Claude-3.5-Sonnet to boost productivity but consumes roughly three times more memory than Cursor and 6.3 times more than VS Code.

The data being collected: ByteDance is gathering comprehensive system and usage information that extends far beyond typical telemetry.

• System specifications include hardware specs, OS details, and performance metrics.
• User behavior data encompasses mouse and keyboard activity, usage patterns, and project file path information.
• The company also collects unique persistent identifiers that could enable long-term user tracking.

Remote control capabilities: The investigation revealed ByteDance has built-in mechanisms to modify Trae’s functionality without user knowledge.

• The company can remotely enable or disable features and modify functionality without pushing traditional software updates.
• This capability raises additional concerns about user control and software integrity.

Privacy concerns: The scope and destination of data collection present multiple red flags for enterprise and individual users.

• Major alarm bells center around data sovereignty, with sensitive information being routed to Chinese infrastructure.
• The developer expressed particular concern about the “unnecessary system information” being collected and transmitted.
• ByteDance’s failure to properly disclose the extent of data collection compounds transparency issues.

Company response: TechRadar Pro reached out to ByteDance for comment on these allegations but did not receive an immediate response.