AI model reportedly transmits data to ByteDance, despite tracking being disabled
ByteDance's recently released Trae AI-powered Integrated Development Environment (IDE) has raised concerns over privacy and data sovereignty, as it continues to collect and transmit extensive user data to Chinese servers, even when telemetry is disabled by the user.
According to various reports, the IDE sends around 26MB of telemetry data—including detailed hardware fingerprints, persistent user identifiers, and real-time user activity—to ByteDance endpoints, such as the byteoversea[.]com domain. This persistent telemetry is a cause for concern as users' preferences to opt out are not respected, and the data collected is far more detailed and voluminous than typical IDE telemetry.
The telemetry feature in Trae captures data including system information, usage patterns, performance metrics, unique machine identifiers, user ID, project information, and full file contents every time a document is opened and changed. Despite having a telemetry toggle in the settings, the feature appears non-functional, with the IDE sending telemetry data regardless of the user's preference.
Investigations have revealed ByteDance's ability to remotely modify Trae's behavior without user knowledge, indicating potential further lack of user control or transparency. As of late July and early August 2025, no clear official response or privacy controls have been disclosed by ByteDance to address these concerns.
However, ByteDance has updated the wording in the IDE telemetry setting to clarify that it only controls telemetry collection via the Visual Studio Code (VS Code) IDE framework, and not telemetry data collection via other Trae tools. The extent to which this clarification addresses user concerns remains unclear.
Despite these issues, Trae IDE assures developers that it does not train any AI models or store user data for training purposes. The tool panel in Trae can display the code editor, terminal, web application preview, or product requirements document (PRD). Trae applications are deployed by default to Vercel's hosting platform.
Trae IDE was released in January this year and is a fork of Code OSS, the open source code used by Visual Studio Code. The billing model for Trae has a free plan and a Pro plan, with billing based on the number of AI requests and the large language model used. The Pro plan costs $10.00 per month and allows up to 600 fast requests and unlimited slow requests, with additional fast requests available for purchase.
ByteDance recently released Trae 2.0 with a new visual language and a new Solo mode, available only to developers on a Pro plan. This new version presents a redesigned developer environment based on an AI panel and a unified tool panel. A unique Flow feature in Solo mode automatically switches the tool panel based on what the AI is working on.
A discussion about the telemetry issue on the official Trae Discord forum resulted in the author of the report being blocked from posting for seven days. However, it was later revealed that the user was muted not because of discussion of tracking, but because of the use of the word "tokens" which automatically blocks accounts for a week to prevent "crypto topics and scams."
Despite these concerns, the discussion on Hacker News showed that many developers are attracted to Trae because the AI features cost about half of what other editors are charging, and the free tier has generous limits. An earlier analysis this year, from Lance James at cybersecurity company Unit 221B, found persistent connections to ByteDance servers, a permanent device identification system, and the ability for ByteDance to remotely enable or disable features and modify functionality without pushing updates. James also identified a local AI completion endpoint in Trae, which sends user authentication data and is described as a potential attack vector for interception.
In summary, despite telemetry toggles, Trae IDE continues to collect and send extensive user data to ByteDance servers, and users currently lack effective mechanisms to control or prevent telemetry data transmissions from Trae tools beyond the IDE settings, which appear ineffective. The lack of transparency and control over the data collection and transmission process raises significant concerns for users and developers alike.
- The Trae AI-powered Integrated Development Environment (IDE), an open source tool developed by ByteDance, has been criticized for its extensive data collection and transmission practices, causing concerns about privacy and data sovereignty.
- Investigations have revealed that Trae IDE sends around 26MB of user data, including detailed hardware fingerprints, persistent user identifiers, and real-time user activity, to ByteDance endpoints, even when telemetry is disabled by the user.
- In response to privacy concerns, ByteDance has updated the wording in the IDE telemetry setting to clarify that it only controls telemetry collection via the Visual Studio Code (VS Code) IDE framework, and not telemetry data collection via other Trae tools, but the extent to which this clarification addresses user concerns remains unclear.
- Despite the cost-efficiency of its AI features, the perpetual connections to ByteDance servers, permanent device identification system, and the ability for ByteDance to remotely enable or disable features and modify functionality without pushing updates in Trae raise questions about the security and transparency of the software.
- The discussion on telemetry concerns on the official Trae Discord forum was met with a seven-day ban for the report's author, leading to speculation that the platform may be restricting critical discussions and raising additional concerns about privacy and freedom of speech in the cybersecurity and technology sector.
