Performance and Telemetry Analysis of Trae IDE, ByteDance's VSCode Fork
207 comments
·July 27, 2025barkingcat
There's also the Eclipse VScode-look-alike-reimplementation called TheiaIDE
It was rough a few years ago, but nowadays it's pretty nice. TI rebuilt their Code Composer Studio using Theia so it does have some larger users. It has LSP support and the same Monaco editor backend - which is all I need.
It's VSCode-with-an-Eclipse-feel to it - which might or might not be your cup of tea, but it's an alternative.
v3ss0n
Yeah , INSEAD of forking vscode which is not modification friendly they should justuse theia because it is maintained to be modular and allowed to be used like a Library to build IDEs of your choice.
bobajeff
The feature that keeps me from moving off of vscode is their markdown support. In particular the ability to drag and drop to insert links to files and images *. Surprisingly, no other editor does this even though I use it all the time.
* https://code.visualstudio.com/Docs/languages/markdown#_inser...
jeffbee
Google Cloud Shell is also Theia. I think it is fairly popular.
bayindirh
Eclipse (as in ecosystem) is fairly popular in Enterprise, but since it exposes all the knobs, and is a bona fide IDE which has some learning curve, people stay away from it.
Also it used to be kinda heavy, but it became lighter because of Moore's law and good code management practices all over the board.
I'm planning to deploy Theia in its web based form if possible, but still didn't have the time to tinker with that one.
v3ss0n
Theia is different from eclipse IDE it's written in JS not in Java and didn't share any code base of eclipse which is fully Java
spyridonas
Great analysis, well done ! Since you've already done VSCode, Trae, Cursor, can you analyse Kiro (AWS fork). I'm curious about their data collection practices.
cuuupid
Anecdata but Kiro is much, much, much, much easier to put through corporate procurement compared to its peers. I'm talking days vs months.
This is not because it is better and I've seen no inclination that it would somehow be more private or secure, but most enterprises already share their proprietary data with AWS and have an agreement with AWS that their TAMs will gladly usher Kiro usage under.
Interesting to distinguish that privacy/security as it relates to individuals is taken at face value, while when it relates to corporations it is taken at disclosure value.
asciii
Great write up OP!
Your analysis is thorough, and I wonder if their reduction of processes from 33 to 20...(WOW) had anything to do with moving telemetry logic elsewhere (hence increased endpoint activity).
What does Bytedance say regarding all this?
hollowonepl
I so much like the fact that I've come back to TUI (helix editor) recently.
I'm trying ZED too, which I believe as a commercial product comes with telemetry too.. but yeah, learning advanced rules of a personal firewall always helpful!
drewbitt
They don't want telemetry ever disabled, even for a minority of people who do toggle it off. Why?
imglorp
Disabling telemetry might be interpreted as a self-indicated signal of "I have something to hide", so they jack up the snooping.
sejje
Or "I'm a power user" of sorts. Probably a very small minority of users fiddle that setting.
Dang said a similarly small minority of users here do all the commenting.
Etheryte
This is true of practically every online community. The vast majority of the users are passive participants, a small fraction contribute, and a small subset of contributors generate most of the content. Reddit is a prime example of this, the numbers are incredibly lopsided there.
qiine
almost as if it was a trap... ;p
viraptor
That's assuming this is intended behaviour rather than just a bug that they don't care about fixing.
msgodel
Telemetry toggles add noise to the data at the very least. IMO it's part of the reason you're actually better off with no client-side telemetry at all. Obviously they see it the opposite way.
yard2010
Occam's razor. Not Hanlon's.
isatty
Why do people use obvious spyware when free software exists?
muppetman
Well there's a middle ground - Sublime Text isn't free but it's fantastic and isn't sending back all my code/work to the Chinese Government. Sorry, "Telemetry"
quectophoton
And the other side of the middle ground, Grafana being AGPL but requiring you to disable 4 analytics flags, 1 gravatar flag, and (I think) one of their default dashboards was also fetching news from a Grafana URL.
https://github.com/grafana/tempo/discussions/5001#discussion...
(Yes, that's for Grafana tempo, but the issue in `grafana/grafana` was just marked as duplicate of this.)
throwaway328
Yes, why do people use products from Microsoft, Apple, Google, Amazon, ...
davidmurdoch
Because the alternatives suck.
In this case, the software being analyzed is the alternative that sucks.
doctorpangloss
Ha ha, free software also has tons of telemetry, it just belongs to GitHub.
bowsamic
Because there’s a huge amount of money behind smearing free software
charcircuit
Telemetry isn't the same thing as spying on the user. People use it because it's not actually spying on them.
malfist
It is literally spying on the user.
Unless you're somehow saying telemetry doesn't report anything about what a user is doing to it's home server.
rvnx
Spying and telemetry is not something specific to Bytedance. Example: Google ? Or Microsoft ? Why is it a problem only when it is Bytedance or Huawei ? For the exact same activity
In fact the Chinese entities are even less likely to share your secrets to your governement than their best friends at Google
nomel
In my mind, the difference is that spying does or can contain PII, or PII can be inferred from it, where telemetry is incapable of being linked to an individual, to a reasonable extent.
charcircuit
If anything it is spying on the application itself. This is limited in scope compared to spyware which is software which spies on users themselves.
arstarstttt3
[flagged]
aspenmayer
> We need to bring back shaming and social isolation
HN is not your army, and it isn’t a theater of ideological battle.
Please don’t do that here.
eightysixfour
I certainly think "hacker" implies quite a bit of ideology, and this site has substantial ideological leanings.
yard2010
Or anything else from their party..
rs186
Eh, I don't know how you could tell it is "obvious" "spyware", unless you are referring to the fact that it comes from Bytedance.
Biganon
The mere fact that disabling telemetry does not at all disable telemetry is enough for it to be called spyware.
jen20
Have Bytedance produced literally anything to that assumption unreasonable?
phillipcarter
Amongst other things they do have a division that produces OKR tracking software. Just the weird story of another multinational I suppose.
efitz
Two thoughts:
1. Try using pi-hole to block those particular endpoints via making DNS resolution fail; see if it still works if it can’t access the telemetry endpoints.
2. Their ridiculous tracking, disregard of the user preference to not send telemetry, and behavior on the Discord when you mentioned tracking says everything you need to know about the company. You cannot change them. If you don’t want to be tracked, then stay away from Bytedance.
nosrepa
Why use pihole? Most OSes have a hosts file you can edit if you're just blocking one domain.
meindnoch
Hate to break it to you, but /etc/hosts only works for apps that use getaddrinfo or similar APIs. Anything that does its own DNS resolution, which coincidentally includes anything Chromium-based, is free to ignore your hosts file.
gruez
But pi-hole seems equally susceptible to the same issue? If you're really serious about blocking you'd need some sort of firewall that can intercept TLS connections and parse SNI headers, which typically requires specialized hardware and/or beefy processor if you want reasonable throughput speeds.
lowwave
Would it also be true for DNS over HTTPS right.
3eb7988a1663
When the nefarious actor is already inside the house, who knows to what lengths they will go to circumvent the protections? External network blocker is more straightforward (packets go in, packets go out), so easier to ensure that there is nothing funny happening.
On Apple devices, first-party applications get to circumvent LittleSnitch-like filtering. Presumably harder to hide this kind of activity on Linux, but then you need to have the expertise to be aware of the gaps. Docker still punches through your firewall configuration.
cluckindan
Set up your router to offer DNS through pihole and everything in your network now has tracking and ads blocked, even the wifi dishwasher.
bangaladore
Until everything starts using DoH (DNS over HTTPS). There is pretty much no reason to use anything else as a consumer nowadays.
In fact, most web browsers are using DoH, so pihole is useless in that regard.
godelski
Even the dishwasher that has Wifi that you don't know has Wifi and will happily jump onto open networks or has a deal with xfinity
rs186
So that these domains are automatically blocked on all devices on a local network. Also, you can't really edit the hosts file on Android or iOS, but I guess mobile OSes are not part of the discussion here.
Although there are caveats -- if an app decides to use its own DNS server, sometimes secure DNS, you are still out of luck. I just recently discovered that Android webview may bypass whatever DNS your Wi-Fi points to.
Zolomon
If you have multiple devices on the same LAN, all of them will use the pihole.
charcircuit
The hosts file doesn't let you properly block domains. It only lets you resolve them to something else. It's the wrong tool for the job.
genghisjahn
Are there any other companies I should worry about for tracking?
dotancohen
Meta is pretty much number one, Google is pretty much number two. Whoever number three is, they are very far behind.
For what it's worth, I do use Google products personally. But I won't go near Facebook, WhatsApp, or Instagram.
orbital-decay
Microsoft is definitely not that far behind in scale. They own a ton of software and services that are used by basically everyone.
randallsquared
Yes.
tojumpship
I can also suggest OpenSnitch or Portmaster to anyone whose conscious about these network connections. I couldn't live without them, never trust opt-outs.
max_
Why isn't there a decently done code editor with VSCode level features but none of the spyware garbage?
Any recommendations?
This seems like an easy win for a software project
Sammi
I'm eying Zed. Unfortunately I am dependent on a VS Code extension for a web framework I use. VS Code might have gotten to a critical level of network effect with their extensions, which might make it extremely sticky.
cyberax
> Why isn't there a decently done code editor with VSCode level features but none of the spyware garbage?
JetBrains products. Can work fully offline and they don't send "telemetry" if you're a paying user: https://www.jetbrains.com/help/clion/settings-usage-statisti...
ThinkBeat
emacs.
charcircuit
Because telemtry is how you effectively make a decently done editor. If you don't have telemtry you will be likely lower quality and will be copying from other editors who are able to effectively build what users want.
reaperducer
Why isn't there a decently done code editor with VSCode level features but none of the spyware garbage?
Isn't that what VS Codium is for?
max_
VSCodium I think was abandoned. It was extremely buggy last time I used it.
Either way it uses electron. Which I hate so much.
viraptor
It's not abandoned https://github.com/VSCodium/vscodium/commits/master/
mibsl
It seems actively maintained, latest build on Flathub is from 3 hours ago.
reaperducer
VSCodium I think was abandoned.
Sad to hear that. I really enjoyed VS Codium before I jumped full-time into Nova.
(Unsolicited plug: If you're looking for a Mac-native IDE, and your needs aren't too out-of-the-ordinary, Nova is worth a try. If nothing else, it's almost as fast as a TUI, and the price is fair.)
dmead
Emacs still exists
dotancohen
Emacs is great, sure, but it lacks a decent text editor.
serf
proof of emacs excellence.
what other software packages have 200 year old jokes about them?
dijit
Because someone has to fund it?
Microsoft is content with funding it, the price is your telemetry (for now).
For high quality development tools I use true FOSS; or I pay for my tools to avoid not knowing where the value is being extracted.
not_a_bot_4sho
> Microsoft is content with funding it, the price is your telemetry (for now).
The price of VSCode is halo effect for Azure products
benbristow
I thought with VS Code the price is that it entices you into using Azure, where the enterprise big bucks are made.
dmezzetti
It's interesting that anyone is surprised by this.
samgranieri
Come on over to neovim, the water is fine. Start with lazyvim if you like.
dmitrygr
I remind you, again, that vi, gcc, as, ld, and make have no telemetry, launch few (if any) processes, do not need GB of RAM, and work well.
dotancohen
I am a die hard VIM user. VIM is a text editor, not an IDE. You can I many D tools into it's E, but it remains a text editor with disparate tools.
godelski
> VIM is a text editor, not an IDE
63stack
What is there in an IDE today, that is missing from (n)vim? With the advent of DAP and LSP servers, I can't find anything that I would use a "proper" IDE for.
viraptor
- debuggers
- popup context windows for docs (kind of there, but having to respect the default character grid makes them much less capable and usually they don't allow further interaction)
- contextual buttons on a line of code (sure, custom commands exist, but they're not discoverable)
- "minimap"
nsm
The "integrated" part. I've written some here https://news.ycombinator.com/item?id=42871586
rs186
I install vscode from scratch, install a few extensions I need, set 3 or 4 settings I use regularly, and bang in 5 minutes I have a customized, working environment catered for almost any language.
vi? Good luck with that.
And I say that as an experienced vim user who used to tinker a bit.
godelski
> I install vscode from scratch, install a few extensions I need, set 3 or 4 settings I use regularly, and bang in 5 minutes I have a customized, working environment catered for almost any language.
Hell, I will even feel comfortable in a vi terminal, though that's extremely rare to actually find. Usually vi is just remapped to vim
Edit:
The git folder with *all* my dotfiles (which includes all my notes) is just 3M, so I can take it anywhere. If I install all the plugins and if I install all the vim plugins I currently have (which some are old and I don't use) the total is ~100M. So...
raverbashing
Why would anyone use a "Bytedance VSCode fork" is beyond me
neurostimulant
It's cheap, the ai features cost about half of what other editors are charging ($10/mo) and the free tier has generous limit. I guess you pay the difference with something else :)
userbinator
Except their own employees, of course. Apparently the main difference this has with MS' version is additional "AI features", so I'm not surprised...
Hi HN, I was evaluating IDEs for a personal project and decided to test Trae, ByteDance's fork of VSCode. I immediately noticed some significant performance and privacy issues that I felt were worth sharing. I've written up a full analysis with screenshots, network logs, and data payloads in the linked post.
Here are the key findings:
1. Extreme Resource Consumption: Out of the box, Trae used 6.3x more RAM (~5.7 GB) and spawned 3.7x more processes (33 total) than a standard VSCode setup with the same project open. The team has since made improvements, but it's still significantly heavier.
2. Telemetry Opt-Out Doesn't Work (It Makes It Worse): I found Trae was constantly sending data to ByteDance servers (byteoversea.com). I went into the settings and disabled all telemetry. To my surprise, this didn't stop the traffic. In fact, it increased the frequency of batch data collection. The telemetry "off" switch appears to be purely cosmetic.
3. What's Being Sent: Even with telemetry "disabled," Trae sends detailed payloads including: Hardware specs (CPU, memory, etc.) Persistent user, device, and machine IDs OS version, app language, user name Granular usage data like time-on-ide, window focus state, and active file types.
4. Community Censorship: When I tried to discuss these findings on their official Discord, my posts were deleted and my account was muted for 7 days. It seems words like "track" trigger an automated gag rule, which prevents any real discussion about privacy.
I believe developers should be aware of this behavior. The combination of resource drain, non-functional privacy settings, and censorship of technical feedback is a major red flag. The full, detailed analysis with all the evidence (process lists, Fiddler captures, JSON payloads, and screenshots of the Discord moderation) is available at the link. Happy to answer any questions.