Orkut

Orkut is a social networking service which is run by Google and named after its creator, an employee of Google - Orkut Büyükkökten. The service states that it was designed to help users meet new friends and maintain existing relationships. Since October 2006, Orkut has permitted users to create accounts without an invitation. Orkut is the most visited website in Brazil and 2nd most visited site in India. The initial target market for orkut was the United States, but the majority of its users are in India and Brazil. In fact, as of March 24^th 2008, 67.5% of the traffic comes from Brazil, followed by India with 15.4%.

Orkut Büyükkökten

History

Orkut was launched in January 2004 by search company Google, as the brainchild of Orkut Büyükkökten, a Turkish software engineer, who developed it as an independent project while working at Google. In late June 2004, Affinity Engines filed suit against Google, claiming that Orkut Büyükkökten and Google based Orkut on inCircle code.

Originally, its membership was by invitation. By April 2008, Orkut's user base numbered at around 120 million, next only to MySpace.

Features

A user first creates a "Profile", in which the user provides "Social", "Professional" and "Personal" details. Users can upload photos into their Orkut profile with a caption. Users can also add videos to their profile from either YouTube or Google Videos with the additional option of creating either restricted or un-restricted polls for polling a community of users.

Scrapbook

"Scrapping" is popular among the Orkut community as a form of offline and online communication. In December 2007, the ability to pop up alerts immediately when a scrap is received was added, adding instant messaging-like capabilities to Orkut.

Communities

Another feature of Orkut is "Communities". Anyone with an Orkut account can create a community on anything. One can post topics, inform users about an event, ask them questions or just play games. There are more than one million communities on Orkut with topics ranging from pizza to pasta. The first five communities on Orkut were started within 24 hrs of the site's launch. There were a total of 47,092,584 communities on Orkut as per March 24, 2008 4:25PM IST (+5:30 GMT). With the recent addition of the search topic feature in the communities, some Orkut communities become the de facto source for the website links to movies, e-books etc.

Other miscellaneous features

Users have options to rate their friends in the order of "Best Friends", "Good Friends", "Friends", "Acquaintances" and "Haven't met”. They can also make a new group to join friends according to their wishes. Further, each member can become fans of any of the friends in their list and can also evaluate whether their friend is "Trustworthy", "Cool", "Sexy" on a scale of 1 to 3 (marked by icons) and is aggregated in terms of a percentage. Unlike Facebook, where a member can view profile details of people only on their network, Orkut allows anyone to visit anyone's profile, unless a potential visitor is on your "Ignore List". Importantly, each member can also customize their profile preferences and can restrict information that appears on their profile from their friends and/or others (not on the friends list). The highlight feature is where any member can add any other member on Orkut to his/her "Crush List" and both of them will be informed only when both parties have added each other to their "Crush List".

When a user logs in, they see the people in their friends list in the order of their logging in to the site, the first person being the latest one to do so. Orkut's competitors are other social networking sites including MySpace and Facebook. Ning is a more direct competitor, as they allow creation of Social Networks which are similar to Orkut's communities.

There is a birthday reminder on the homepage of each user, which shows upcoming birthdays of that user's network friends.

Orkut Redesign

On Friday, August 24, 2007, Orkut announced a redesign. The new UI contains round corners and soft colors including small logotype at upper left corner. The redesign has been announced on the official Orkut Blog.

By Thursday, August 30, 2007, most users on Orkut could see changes on their profile pages as per the new redesign. On the 31st, Orkut announced its new features including improvements to the way you view your friends, 9 rather than 8 of your friends displayed on your homepage and profile page and basic links to your friends' content right under their profile picture as you browse through their different pages. It also announced the initial release of Orkut in 5 new languages: Hindi, Bengali, Marathi, Tamil, and Telugu. Profile editing can take place by clicking the settings button under your profile photo (or alternatively, click the blue settings link at the top of any page).

On September 4, 2007, Orkut announced another new feature. You can now see an "Updates from your friends" box on the homepage, where you'll get real-time updates when your friends make changes to their profiles, photos and videos. Moreover, in case you want to keep some things on your profile private, Orkut has added an easy opt-out button on the settings page.

On November 8, 2007, Orkut greeted its Indian users Happy Diwali in a very special way, by allowing them to change their Orkut look to a Diwali-flavored reddish theme.

On April Fools' Day, April 1, 2008, Orkut temporarily changed its name on its webpage to yogurt, apparently as a prank.

Orkut Applications

On 16th April 2008 orkut applications are live in INDIA. started out with 18 applications and the count is growing up. Only with minor restriction's like 25 apps only in a profile. Some apps don't work as expected on FF3. best of the apps so far includes iRead, iLike and flixter

Criticism

Flooders and fake profiles

As with any online social networking community, a number of fake and cloned profiles exist on Orkut. Due to the large number of users, and the deactivation of the jail system, the profiles were often left unremoved or, when removed, recreated easily. These profiles are normally created to troll, to spam, to flood or just for fun. It isn't hard to find users owning more than one profile, with some stating they own hundreds. Also, many of the users use these profiles to steal art that has previously posted online and deem it their own.

In 2005 invisible profiles, communities and topics started to appear in Orkut. This could be achieved by using HTML escaping codes and 1x1 pixel photos to fool the engine behind the site.

Indians on Orkut in 3^rd Position

In August 2005 a freeware program made in Delphi called Floodtudo ("tudo" in Portuguese means "everything" - this was developed by a Brazilian) specifically for flooding Orkut. It quickly spread through the users and was easily downloadable (the most common Floodtudo versions were 1.2, 1.5, 2.0 and 2.2). As this program was massively used by thousands of spammers, a big spam wave struck Orkut in September and October 2005. However, changes implemented by the developers in November made this program non-functional.

As the flooding of Orkut was becoming out of control, the developers implemented some features in order to stop this. These features included not allowing two or more verbatim topics or scrapbook entries to be submitted, forcing the user to wait before posting another topic or scrapbook entry, and the usage of captchas, whenever a scrap entry is hyperlinked. They gave more rights to community moderators as well, so that users can be banned outright instead of relying on the developers to remove them, and now community moderators are able to mass-delete topics selectively in forum as well.

Hate groups

There has recently been controversy revolving around the use of Orkut by various hate groups. Virulent racists and religious fanatics allegedly have a solid following there. Several hate communities focused on racism, Nazism and white supremacy have been deleted due to guideline violation. However, the number of these communities and profiles has not stopped growing because they can be very easily created and it is hard for Orkut to check them.

In 2005, various cases of racism were brought to police attention and reported on in the Brazilian media. In 2006, a judicial measure was opened by the Brazil federal justice denouncing a 20-year-old student accused of racism against those of African ancestry and spreading defamatory content on Orkut. Brazilian Federal Justice subpoenaed Google on March 2006 to explain the crimes that had occurred in Orkut.

Anti-religion, anti-national, and anti-ethnic hate groups have also been spotted. Recently an Indian court has issued notices to Google on some of the groups. The Mumbai Police are seeking a ban on Orkut post objections raised by political groups. Groups denigrating various political leaders and celebrities have also emerged. Also in a reported case of 2005, racist groups have been reported. They were anti-Tamil groups. No names have been revealed yet.

State Censorship

Orkut was very popular in Iran, but the website is now blocked by the government. According to official reports, this is due to national security issues, and Islamic ethical issues about dating and match making. To get around this block, sites such as orkutproxy.com (now defunct) were made for Iranian users. Other websites such as Yahoo! Groups and Google Groups have communities dedicated to receiving updates on the newest location of Iran's Orkut proxy. Though it was once possible to bypass governmental blockage of Orkut, the site has closed its HTTPS pages on all anonymous proxies. Now it is almost impossible for ordinary users to visit this site inside Iran. Many other sites have been published in Iran since Orkut's blockage, using the same social-networking model - examples include MyPardis, Cloob and Bahaneh. Of course, these websites run a high risk of being blocked as well, so they have their own censorship policies to meet Iran's unwritten regulations and rules of filtering.

Orkut’s growth in India

In August 2006, United Arab Emirates followed the footsteps of Iran in blocking the site. This block was subsequently removed in October 2006. On July 3, 2007, Gulf News revisited the issue, publishing complaints from members of the public against Orkut communities like "Dubai Sex", and officially bringing the complaints to the attention of the state telecom monopoly Etisalat. The ensuing moral panic resulted in a renewed ban of the site by Etisalat by July 4, 2007, still in effect despite Google's promise to negotiate the ban with the UAE. Saudi Arabia is another country that has blocked access to Orkut, while Bahrain's information ministry is also under pressure to follow suit.

Security and safety

Hacking accounts and communities with XSS

In 2005 dozens of communities' ownership was hacked by a Computer Security expert known as Shamsher Terror to demonstrate the undiscovered security vulnerabilities. A similar feat was performed by a Brazilian hacker called Vinícius K-Max , using a cross-site scripting (XSS) vulnerability. Eventually, various phishing sites were developed with the intent of stealing other people's accounts and communities.

In December 2007, hundreds of thousands of user’s accounts were affected, using another XSS vulnerability and a worm developed by another Brazilian hacker. A user's account was affected when the user simply read a particular scrap containing an embed which caused the user to automatically become a part of a community on the site, without approval. The affected user's account was then used to send this scrap to everyone present in the user's friend list thereby creating a sort of a huge wave. This vulnerability was eventually fixed within a few hours after being reported.

MW.Orc worm

On June 19, 2006 FaceTime Security Labs' security researchers Christopher Boyd and Wayne Porter discovered a worm, dubbed MW.Orc.

The worm steals users' banking details, usernames and passwords by propagating through Orkut. The attack was triggered as users launched an executable file disguised as a JPEG file. The initial executable file that causes the infection installs two additional files on the user's computer. These files then e-mail banking details and passwords to the worm's anonymous creator when infected users click on the "My Computer" icon.

The infection spreads automatically by posting a URL in another user's Orkut Scrapbook, a guestbook where visitors can leave comments visible on the user's page. This link lures visitors with a message in Portuguese, falsely claiming to offer additional photos. The message text that carries an infection link can vary from case to case.

In addition to stealing personal information, the malware can also enable a remote user to control the PC and make it part of a botnet, a network of infected PCs. The botnet in this case uses an infected PC's bandwidth to distribute large, pirated movie files, potentially slowing down an end-user's connection speed.

The initial executable file (Minhasfotos.exe) creates two additional files when activated, winlogon_.jpg and wzip32.exe (located in the System32 Folder). When the user clicks the "My Computer" icon, a mail is sent containing their personal data. In addition, they may be added to an XDCC Botnet (used for file sharing), and the infection link may be sent to other users that they know in the Orkut network. The infection can be spread manually, but also has the ability to send "back dated" infection links to people in the "friends list" of the infected user.

According to statements made by Google, as noted in Facetime's Greynets Blog, the company had implemented a temporary fix for the dangerous worm.

Discussing about some bugs on social network Orkut & a community providing some exploits.

While browsing on a social network Orkut I came through a community on orkut named Bugs on Orkut which provides some crucial exploits on the social network Orkut by the author Mayank Sood from Dehradun India. The details are as follows -:

The author of this community is a Hacker named Mayank Sood From India Dehradun. He has provided some exploits for this social network through which by just merely using his scripts you can have some nice exploits on orkut. His community link is Cmm=989872 named Bugs on Orkut which users can check by going on the network Orkut. Do not provide any crucial information on social network that leads to exploits by hackers. Help to keep social network clean & beautiful. Further investigation sources claim that the community owner Mayank sood himself claims that he does not steal any user data or information he just works on some bugs present on the social network. The owner of the community has been awarded ethical hacking certificate & was once invited by Google Orkut to Brazil but he declined for some reasons that are not known. (as per information provided november 2006)

HTTPS Not Obvious

In and around April 17, 2007 users began reporting that secure (https) access to the Orkut login server was no longer available. This led some users to cancel their accounts, fearing potential abuse of their Orkut and related Google accounts, such as Gmail.

In fact, Google had changed the main login page to http delivery to improve efficiency, but the actual login remained secure using https in an iframe. This information had not been well-published by Google, and did not give the users the reassurance of seeing the "secure connection" padlock in the browser. On July 17, 2007, a revised login page, which is delivered via https, addressed these issues.

Session Management and Authentication Issues

On June 22, 2007 Susam Pal and Vipul Agarwal published a security advisory on Orkut vulnerabilities related to authentication issues. The vulnerablities are considered very dangerous in cybercafes, or in the case of man-in-the-middle attack as they can lead to session hijacking and misuse of legitimate accounts. The vulnerabilities are not known to be fixed yet and therefore pose threat to the Orkut users.

A week later, on June 29, 2007 Susam Pal published another security advisory which described how the Orkut authentication issue can be exploited to hijack Google and Gmail sessions and misuse the compromised account of a legitimate user under certain conditions.

Joseph Hick performed an experiment on the basis of the advisories published by Susam Pal, to find out how long a session remains alive even after a user logs out. [14] His experiment confirmed that the sessions remain alive for 14 days after the user has logged out. It implies that a hijacked session can be used for 14 days by the hijacker because logging out does not kill the session.

W32/KutWormer

On December 19, 2007, a worm written in Javascript started to cause havoc. Created by a Brazilian user, it automatically made the user join the virus related community and infect all friends' scrapbooks with copies of itself.

The worm is spreading through Orkut’s recently introduced tool that allows users to write messages that contain HTML code. The ability to add Flash/Javascript content to Orkut scraps was only recently introduced.[16][17] on March 3 2008 W32/Scrapkut.worm was found.The worm attempts to spread itself by sending orkut users scraps that contains the link to the worm itself.Aliases Downloader.Banload.ONK (GRISoft) TR/Dldr.Orkut.A (Avira) Trojan-Downloader.Win32.Banload.auf (IKARUS) Trojan.DL.Win32.Banload.dzm (Rising) W32.Scrapkut (Symantec)

Legal Issues

Brazil

On August 22, 2006, Brazilian Federal Judge José Marcos Lunardelli ordered Google to release Orkut user’s information of a list of about two dozen Brazilian nationals, believed to be using Orkut to sell drugs and involved in child pornography by September 28. The judge ordered Google to pay $23,000 per day in fines until the information is turned over to the Brazilian government. The information the government is requesting would also be used to identify individuals that are spreading child pornography and hate speech, according to the Brazilian government. As of September 27, 2006 Google has stated that they will not release the information, on the grounds that the requested information is on Google servers in the U.S. and not Google servers in Brazil, and is therefore not subject to Brazilian laws.

India

Of late, the number of Indians on Orkut has been increasing rapidly. On October 10, 2006, the Bombay High Court's Aurangabad bench served a notice on Google for allowing a hate campaign against India. This referred to a community on Orkut called 'We Hate India', which initially carried a picture of an Indian flag being burned and some anti-India content.

The High Court order was issued in response to a public-interest petition filed by an Aurangabad advocate. Google had six weeks to respond. Even before the petition was filed, many Orkut users had noticed this community and were mailing or otherwise messaging their contacts on Orkut to report the community as bogus to Google, which could result in its removal. The community continues to exist and had spawned several 'We hate those who hate India' communities.

Prior to the 60th Independence Day of India, orkut's main page was revamped. The section which usually displayed a collage of photos of various people, showed a stylized orkut logo. The word orkut was written in the Devanagiri script and was colored in the Indian national colours. Clicking on the logo redirects to a post by the orkut India Product Manager, Manu Rekhi, on the orkut internal blog. There has also been some media outcry against Orkut after a couple of youngsters were apparently lured by fake profiles on the site and later murdered.

On November 23, Bombay High Court asked the state government to file its reply in connection with a petition demanding a ban on social networking site, Orkut, for hosting an anti-Shivaji Web community.

Recently, the Pune rural police cracked a rave party filled with narcotics. The accused have been charged under anti-narcotic laws, the (Indian) Narcotic Drugs and Psychotropics Substances Act, 1985 (NDPS). Besides the NDPS, according to some media reports, the police were deliberating on the issue of charging the accused under the (Indian) Information Technology Act, 2000 perhaps because Orkut was believed to be one of the modes of communication for these kinds of drug abuses.

The Cyber police in India have entered into an agreement with Orkut to have a facility to catch and prosecute those misusing Orkut since the complaints is in a rising stage.