Some security settings for Sogou Input Method on Mac

Sogou Input Method is certainly convenient, but I found one thing about it unsettling: its data transfer is entirely plaintext HTTP.

Inspecting its program binary, we found that it contains many subdomains, all of them running over the http protocol.

➜  dist strings /Library/Input\ Methods/SogouInput.app/Contents/SogouServices | grep sogou.com
http://macime.sogou.com/macassodict.php?
http://pinyin.sogou.com/dict/nickname.php
http://profile.pinyin.sogou.com/download.php
http://mac.profile.pinyin.sogou.com/get_key.php
http://mac.profile.pinyin.sogou.com/get_dict.php
http://mac.profile.pinyin.sogou.com/upload.php
http://ping.pinyin.sogou.com/sync.gif?h=%@&r=%@&v=%@&os=%@&err=%ld&from=mac&uname=%@&uid=%@&pt=%@&s=%d
http://ping.pinyin.sogou.com/sync.gif?h=%@&r=%@&v=%@&os=%@&err=%ld&from=mac&uname=%@&uid=%@&pt=%lu&s=%d
http://pinyin.sogou.com/api/rec/file.php?file=setlog&h=%@&v=%@
/act/authtoken?appid=%ld&userid=%@&token=%@&livetime=%ld&authtype=3&ru=http://profile.pinyin.sogou.com/
/act/authtoken?appid=%ld&userid=%@&token=%@&livetime=%ld&authtype=3&ts=%@&ru=http://profile.pinyin.sogou.com/
https://account.sogou.com
http://ping.pinyin.sogou.com/crash.gif?h=%@&r=%@&v=%@&os=%@&app=%@&ime=%@&src=mac
cloud.pinyin.sogou.com
http://cloud.pinyin.sogou.com
http://get.sogou.com/q
http://macime.sogou.com/macinstall.gif?h=%@&r=%@&v=%@&in=1&inst=%@
http://macime.sogou.com/sgupdate.php?
http://config.pinyin.sogou.com/macpicface/interface/get_hotlist.php?
http://macime.sogou.com/macversion.txt?
http://account.sogou.com/act/refreshtoken
http://account.sogou.com
http://config.pinyin.sogou.com/dict/upt_cell_dict6.5.php
http://ime.sogou.com/pyup.gif?

So I extracted them and dropped them into /etc/hosts:

127.0.0.1 account.sogou.com
127.0.0.1 cloud.pinyin.sogou.com
127.0.0.1 config.pinyin.sogou.com
127.0.0.1 get.sogou.com
127.0.0.1 ime.sogou.com
127.0.0.1 mac.profile.pinyin.sogou.com
127.0.0.1 macime.sogou.com
127.0.0.1 ping.pinyin.sogou.com
127.0.0.1 pinyin.sogou.com
127.0.0.1 profile.pinyin.sogou.com
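
As an added example (not part of the original post): the extraction step above as a POSIX shell script that pulls the unique hostnames out of the strings output and prints only the 127.0.0.1 lines a hosts file still lacks. The function names and the embedded sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample: a few lines copied from the strings output shown above.
sample_strings_output() {
cat <<'EOF'
http://mac.profile.pinyin.sogou.com/upload.php
/act/authtoken?appid=%ld&userid=%@&token=%@&livetime=%ld&authtype=3&ru=http://profile.pinyin.sogou.com/
https://account.sogou.com
cloud.pinyin.sogou.com
http://cloud.pinyin.sogou.com
http://account.sogou.com
EOF
}

# Print each unique hostname under domain $1 found in the text on stdin.
# Catches bare names, https URLs and hosts embedded in query parameters.
extract_hosts() {
    pattern=$(printf '%s' "$1" | sed 's/\./\\./g')   # match dots literally
    grep -Eo "([A-Za-z0-9-]+\.)+${pattern}" | tr 'A-Z' 'a-z' | LC_ALL=C sort -u
}

# Succeed if hosts file $1 already maps name $2 on a non-comment line.
has_entry() {
    awk -v h="$2" '
        /^[[:space:]]*#/ { next }
        { for (i = 2; i <= NF && $i !~ /^#/; i++) if ($i == h) found = 1 }
        END { exit !found }' "$1"
}

# Print the "127.0.0.1 host" lines that hosts file $1 still lacks for
# domain $2, so re-running after an app update never appends duplicates.
missing_entries() {
    extract_hosts "$2" | while read -r host; do
        has_entry "$1" "$host" || printf '127.0.0.1 %s\n' "$host"
    done
}

# Demo on the constructed sample against an empty hosts file.
sample_strings_output | missing_entries /dev/null sogou.com

# Real use (review the output before appending it to /etc/hosts):
#   strings /Library/Input\ Methods/SogouInput.app/Contents/SogouServices \
#     | missing_entries /etc/hosts sogou.com
```

Re-running the real-use pipeline after each update of the input method shows any newly added hostnames that the existing hosts entries do not yet cover.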