字节旗下AI编程工具Trae被指涉嫌“偷跑”用户数据 官方回应

Core Viewpoint - A developer has raised concerns about ByteDance's AI programming environment, Trae IDE, alleging that it uploads user data to ByteDance servers without explicit user consent, even when telemetry features are disabled [2][4]. Group 1: Data Upload Concerns - Trae IDE reportedly initiates approximately 500 network requests within 7 minutes, uploading a total of 26MB of data, which may include sensitive information such as hardware configuration, operating system details, usage habits, unique identifiers, project paths, and even mouse and keyboard actions [2]. - The report indicates that Trae IDE has "backdoor capabilities," allowing it to remotely enable or disable specific features without user knowledge or manual updates, potentially altering the IDE's behavior [2]. Group 2: Performance and Resource Usage - Testing shows that Trae IDE's memory usage is over five times that of VS Code, with an unusually high number of processes running [2]. - Network analysis reveals that Trae regularly transmits hardware information, system version, usage duration, session status, resource usage rates, and obfuscated file paths, continuing to upload data even after telemetry features are turned off [2]. Group 3: Company Response and Industry Context - ByteDance responded by stating that Trae collects non-sensitive statistical data and performance metrics, such as page clicks and feature usage frequency, which do not involve personal identity or privacy information, and that data usage complies with regional data protection regulations [4]. - This is not the first instance of ByteDance products facing data handling controversies, as previous products like Lark and TikTok have also attracted regulatory scrutiny regarding data practices [4]. - Industry experts emphasize the urgent need for establishing data security standards as AI development tools become more widespread [4].