orkut is a social networking service which is run by Google and named after its creator, an employee of Google - Orkut Büyükkökten. The service states that it was designed to help users meet new friends and maintain existing relationships. Orkut is similar to other social networking sites. Since October 2006, Orkut has permitted users to create accounts without an invitation. Orkut is the most visited website in Brazil and second most visited site in India. The initial target market for Orkut was the United States, but the majority of its users are in Brazil and India. In fact, as of May 2008, 53.86% of Orkut's users are from Brazil, followed by India with 16.97% and 23.4% of the traffic comes from Brazil, followed by India with 18.0%. Unlike Facebook and Friendster, it is not a popular website in the United States of America and Canada.
Originally hosted in California, in August 2008 Google announced that Orkut will be fully managed and operated in Brazil, by Google Brazil. This was decided due to the large Brazilian user base and growth of legal issues.
Originally, its membership was by invitation.. By April 2008, Orkut's user base numbered at around 120 million, next only to MySpace.
When a user logs in, they see the people in their friends list in the order of their logging in to the site, the first person being the latest one to do so. Orkut's competitors are other social networking sites including MySpace and Facebook. Ning is a more direct competitor, as they allow creation of Social Networks which are similar to Orkut's communities.
There is a birthday reminder on the homepage of each user, which shows upcoming birthdays of that user's network friends.
Orkut users can decide the countries from which they want to get friends requests from. Or the person sending request has to verify the email address of the another person.
On Friday, August 24, 2007, Orkut announced a redesign. The new UI contains round corners and soft colors including small logotype at upper left corner. The redesign has been announced on the official Orkut Blog.
By Thursday, August 30, 2007, most users on Orkut could see changes on their profile pages as per the new redesign. On the 31st, Orkut announced its new features including improvements to the way you view your friends, 9 rather than 8 of your friends displayed on your homepage and profile page and basic links to your friends' content right under their profile picture as you browse through their different pages. It also announced the initial release of Orkut in 5 new languages: Hindi, Bengali, Marathi, Tamil, and Telugu. Profile editing can take place by clicking the settings button under your profile photo (or alternatively, click the blue settings link at the top of any page).
On September 4, 2007, Orkut announced another new feature. You can now see an "Updates from your friends" box on the homepage, where you'll get real-time updates when your friends make changes to their profiles, photos and videos. Moreover, in case you want to keep some things on your profile private, Orkut has added an easy opt-out button on the settings page. Scraps (popularly word for messages in orkut) was also HTML-enabled letting users now interact in a more interesting manner.
On November 8, 2007, Orkut greeted its Indian users Happy Diwali in a very special way, by allowing them to change their Orkut look to a Diwali-flavored reddish theme.
On April Fools' Day 2008, Orkut temporarily changed its name on its webpage to yogurt, apparently as a prank.
On 2nd June 2008, Orkut has launched its theming engine with a small set of default themes. along with this PHOTO tagging has also finally arrived at orkut.
In 2005 invisible profiles, communities and topics started to appear in Orkut. This could be achieved by using HTML escaping codes and 1x1 pixel photos to fool the engine behind the site. This hole was later fixed, and currently there is a lower limit on profile image dimensions.
In August 2005 a freeware program was made in Delphi called Floodtudo ("tudo" in Portuguese means "everything" - this was developed by a Brazilian) specifically for flooding Orkut. It quickly spread through the users and was easily downloadable (the most common Floodtudo versions were 1.2, 1.5, 2.0 and 2.2). As this program was massively used by thousands of spammers, a big spam wave struck Orkut in September and October 2005.
As the flooding of Orkut was becoming out of control, the developers implemented some features in order to stop this. These features included not allowing two or more verbatim topics or scrapbook entries to be submitted, forcing the user to wait before posting another topic or scrapbook entry, and the usage of captchas, whenever a scrap entry is hyperlinked. They gave more rights to community moderators as well, so that users can be banned outright instead of relying on the developers to remove them.
There has recently been controversy revolving around the use of Orkut by various hate groups. Virulent racists and religious fanatics allegedly have a solid following there. Several hate communities focused on racism, Nazism and white supremacy have been deleted due to guideline violation.
In 2005, various cases of racism were brought to police attention and reported on in the Brazilian media. In 2006, a judicial measure was opened by the Brazil federal justice denouncing a 20-year-old student accused of racism against those of African ancestry and spreading defamatory content on Orkut. Brazilian Federal Justice subpoenaed Google on March 2006 to explain the crimes that had occurred in Orkut.
Anti-religion, anti-national, and anti-ethnic hate groups have also been spotted. Recently an Indian court has issued notices to Google on some of the groups. The Mumbai Police are seeking a ban on Orkut post objections raised by political groups. Groups denigrating various political leaders and celebrities have also emerged. Also in a reported case of 2005, racist groups have been reported. They were anti-Tamil groups. Recently a member of a tamil hate group is currently being tracked down.
In August 2006, United Arab Emirates followed the footsteps of Iran in blocking the site. This block was subsequently removed in October 2006. On July 3, 2007, Gulf News revisited the issue, publishing complaints from members of the public against Orkut communities like "Dubai Sex", and officially bringing the complaints to the attention of the state telecom monopoly Etisalat . The ensuing moral panic resulted in a renewed ban of the site by Etisalat by July 4, 2007 , still in effect despite Google's promise to negotiate the ban with the UAE . Saudi Arabia is another country that has blocked access to Orkut, while Bahrain's information ministry is also under pressure to follow suit .
Earlier in Orkut it was allowed for anybody to view any one's pictures, videos as well as scraps. But this gave promotion to the people who started misusing the photos and videos and placed them on the internet with fake details. Many of them were vulgar, especially pictures of women. Moreover the scraps could be read easily.
Currently privacy covers such features as scraps (separately read and write access), videos, photoalbums, testimonials, applications. The following privacy levels are currently available to users: friends/friends of friends/everyone in the network. The user can limit visibility of her/his profile to a certain region or group of regions (that's what is called "network"); in this case outside of these regions no user information is available.
Initially, the common opinion was that out of the two major countries, only users in India will be interested in privacy on orkut, while Brazil, being a very open society, will not need it. In reality, the percentage of users choosing to hide their data is the same in India and Brazil. The only difference is that in Brazilian sector of orkut there is a community "Quer privacidade? Sai do orkut" ("want privacy? get out of orkut") against other people's privacy.
Bad, bad server. No donut for you.
Unfortunately, the orkut.com server has acted out in an unexpected way. Hopefully, it will return to its helpful self if you try again in a few minutes.
It's likely that the server will behave this way on occasion during the coming months. We apologize for the inconvenience and for our server's lack of consideration for others.
This is a common error message when the Orkut server encounters heavy traffic. In this way Orkut developers show their sense of humor.
In December 2007, hundreds of thousands of users accounts were affected, using another XSS vulnerability and a worm. A user's account was affected when the user simply read a particular scrap containing an embed which caused the user to automatically become a part of a community on the site, without approval. The affected user's account was then used to send this scrap to everyone present in the user's friend list thereby creating a sort of a huge wave.
The worm steals users' banking details, usernames and passwords by propagating through Orkut. The attack was triggered as users launched an executable file disguised as a JPEG file. The initial executable file that causes the infection installs two additional files on the user's computer. These files then e-mail banking details and passwords to the worm's anonymous creator when infected users click on the "My Computer" icon.
The infection spreads automatically by posting a URL in another user's Orkut Scrapbook, a guestbook where visitors can leave comments visible on the user's page. This link lures visitors with a message in Portuguese, falsely claiming to offer additional photos. The message text that carries an infection link can vary from case to case.
In addition to stealing personal information, the malware can also enable a remote user to control the PC and make it part of a botnet, a network of infected PCs. The botnet in this case uses an infected PC's bandwidth to distribute large, pirated movie files, potentially slowing down an end-user's connection speed.
The initial executable file (Minhasfotos.exe) creates two additional files when activated, winlogon_.jpg and wzip32.exe (located in the System32 Folder). When the user clicks the "My Computer" icon, a mail is sent containing their personal data. In addition, they may be added to an XDCC Botnet (used for file sharing), and the infection link may be sent to other users that they know in the Orkut network. The infection can be spread manually, but also has the ability to send "back dated" infection links to people in the "friends list" of the infected user.
According to statements made by Google, as noted in Facetime's Greynets Blog, the company had implemented a temporary fix for the dangerous worm.
In fact, Google had changed the main login page to http delivery to improve efficiency, but the actual login remained secure using  in an iframe . This information had not been well-published by Google, and did not give the users the reassurance of seeing the "secure connection" padlock in the browser. On July 17, 2007, a revised login page, which is delivered via https, addressed these issues.
On June 22, 2007 Susam Pal and Vipul Agarwal published a security advisory on Orkut vulnerabilities related to authentication issues. The vulnerablities are considered very dangerous in cybercafes, or in the case of man-in-the-middle attack as they can lead to session hijacking and misuse of legitimate accounts. The vulnerabilities are not known to be fixed yet and therefore pose threat to the Orkut users.
A week later, on June 29, 2007 Susam Pal published another security advisory which described how the Orkut authentication issue can be exploited to hijack Google and Gmail sessions and misuse the compromised account of a legitimate user under certain conditions.
Joseph Hick performed an experiment on the basis of the advisories published by Susam Pal, to find out how long a session remains alive even after a user logs out. His experiment confirmed that the sessions remain alive for 14 days after the user has logged out. It implies that a hijacked session can be used for 14 days by the hijacker because logging out does not kill the session.
In December 2007 a Brazilian cracker named "Rodrigo Lacerda" published a script that allowed users to scrape other people's private photos. The exploit consisted of generating album photo urls, due to their simple structure. See e.g. The idea behind this is by "Master Shekhar" an Indian Cracker. This crack made Orkut team implement new secure album/photos implementation.
Attacks on orkut using social engineering never stop. Among these the easiest kind is to offer a user to enter a script into the browser's address area, to "improve performance".
The High Court order was issued in response to a public-interest petition filed by an Aurangabad advocate. Google had six weeks to respond. Even before the petition was filed, many Orkut users had noticed this community and were mailing or otherwise messaging their contacts on Orkut to report the community as bogus to Google, which could result in its removal. The community has now been deleted but has spawned several 'We hate those who hate India' communities.
Prior to the 60th Independence Day of India, orkut's main page was revamped. The section which usually displayed a collage of photos of various people, showed a stylized orkut logo. The word orkut was written in the Devanagiri script and was colored in the Indian national colours. Clicking on the logo redirects to a post by the orkut India Product Manager, Manu Rekhi, on the orkut internal blog. There has also been some media outcry against Orkut after a couple of youngsters were apparently lured by fake profiles on the site and later murdered.
On November 23, Bombay High Court asked the state government to file its reply in connection with a petition demanding a ban on social networking site, Orkut, for hosting an anti-Shivaji Web community.
Recently, the Pune rural police cracked a rave party filled with narcotics. The accused have been charged under anti-narcotic laws, the (Indian) Narcotic Drugs and Psychotropics Substances Act, 1985 (NDPS). Besides the NDPS, according to some media reports, the police were deliberating on the issue of charging the accused under the (Indian) Information Technology Act, 2000 perhaps because Orkut was believed to be one of the mode of communication for these kind of drug abuses.
The Cyber police in India have entered into an agreement with Orkut to have a facility to catch and prosecute those misusing Orkut since the complaints is in a rising stage.