August 14, 2021

Alexandragrant.com - CAUTION

I noticed that Alexandra Grant’s personal website was not loading on June 19, 2021. I would get this message when I tried to access it. 

 


I knew I wasn’t the only one having this problem as someone else posted about it on Instagram. 

 

 

I thought it might be concerning the July 2019 CV also, which was still linked to her website and could be accessed through the link that was provided by the above poster (https://alexandragrant.com/wp-content/uploads/2019/07/CV-Alexandra-Grant.pdf). I have also provided this link several times throughout my blog and it is also located in this page (see July 2019 CV). This CV has been discussed at length because it contains many lies, including calling grantLOVE Project a non-profit (see Tangled Web). Given the Attorney General’s recent notice to register, I had wondered if Ms. Grant was finally trying to remove the resume from her website. Clearly, I was not the only one to echo this thought.

 

Sure enough, when I finally managed to access her website again, the CV link would not work. I was getting the same message as I had before when I was trying to access her website..

 

Error Code: SSL_ERROR_INTERNAL_ERROR_ALERT

 

My conclusion, at this point, was that she did remove it and that this was a very foolish thing for her to do. That CV has been linked to her website for 2 years now. She's had all this time to remove the link. Removing it at this point in time would show guilt, and I don’t believe the Attorney General would look favorably on her doing that when her business activities are being investigated. Although some may argue that she is not under investigation yet, I say that she is.

 

If the Attorney General sends you a notice to register because they believe you are operating illegally as a commercial coventurer, it’s because they are INVESTIGATING the nature of your business activities. As such, removing or deleting evidence could have serious repercussions. Like I said, it’s a bad idea.

 

Fortunately, Alexandra Grant did NOT delete the resume. It is still there, but it now has a new link/address (sort of). I’ll explain. 

 

As I was working on my other post (The PR Show - Part 1), I noticed that all of the backlinks in the PR articles, which were redirecting to her personal website (https://alexandragrant.com/...), were no longer working. The links to her other sites - grantLOVE, X Artists' Books, Instagrams - worked just fine. Only those to her personal website were affected. I figured that this must have something to do with what happened to her website on June 19, 2021; that whatever was done around that day 'broke' every previous link to her website.

 

Looking at the link addresses I was being redirected to, they should have worked and should have taken me to the designated page. But I was getting the same error that I got when I was trying to access the July 2019 CV.   

 

Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

 

What the heck was going on??

 

The backlink I was trying was redirecting me to the ‘about’ page on her personal website. I decided to navigate there organically by searching her name on Google, going to her website and selecting the page I should have been directed to, as I wanted to compare the current address with the backlink address in the PR article.

 

When I copied the link and compared it to the backlink from the PR article, I noticed a very small but significant difference – a very important missing letter.

 

Current link to the ‘about’ page on her website: 

http://alexandragrant.com/about/

 

Link to the ‘about’ page from the PR article:

https://alexandragrant.com/about/

 

The ‘s’ is missing in the current link. That is the only difference.

 

What does that mean? Why this change?

 

I then proceeded to do a search on what the difference was between http and https.


https://smallbiztrends.com/2015/04/changing-from-http-to-https.html

 


Https is secure (encrypted) and http is not. Now the error message I was getting makes sense. The message was that a SECURE CONNECTION FAILED and was giving an SSL ERROR.

 


https://alexandragrant.com was no longer working because the SSL certificate, which used to be present, could no longer be verified. This implies that it either expired or was removed, which would revert it to an http address - http://alexandragrant.com.

 

You need an SSL certificate to get the S in https. That certificate provides encryption for any exchange of information between the website and the browser/visitor. It maintains privacy. It’s crucial to have this when you are dealing with ecommerce websites in order to keep your personal and financial information private (logins, passwords, credit card numbers, etc.). That little padlock that appears in front of the link in your browser indicates that it is a secure (https) site. If you don’t see that padlock or if there is a bar going across it, it is not secure and any information you may exchange or enter on that website can be intercepted.

https://support.google.com/chrome/answer/95617?hl=en

 





More than that, the entire website can be spoofed – made to look just like the original website in order to trick you (phishing) - or install malware as you click on links. It also makes you vulnerable to hacking.

https://en.wikipedia.org/wiki/Spoofed_URL

 


https://www.namecheap.com/security/do-i-need-ssl-certificate/

 

This is all about protection; both for her website and those who visit her website. Without the SSL certificate, that protection is gone. Now, it could be because it lapsed and she didn’t renew it, but I don't think so. 

 

From what I can tell, her site is built using WordPress but hosted on GoDaddy. 


 


GoDaddy has their own SSL certificates and they usually need to be renewed every two months. These are typically done automatically (auto-renewal). Although, GoDaddy does offer one free SSL certificate for Managed Wordpress sites (which I believe is what she has). So why would she remove it? It’s strange.

 

https://ca.godaddy.com/help/request-my-ssl-certificate-for-a-managed-wordpress-website-builder-or-website-builder-online-store-site-40438 



 

So, with all of the Go Daddy Managed Wordpress, the first certificate is free and you get automatic daily malware scan and backup. They manage that certificate for you, which implies automatic renewals. Which means you would not have to worry about it expiring and leaving your website UNSAFE. The daily malware scan is also a great feature, as you would get notified if anything suspicious were to happen to your site. If you needed an extra certificate, there would be a fee. But, as far as I know, Alexandra Grant does not have another website hosted on GoDaddy, therefore there is no reason for her NOT to use the certificate on her personal website. 

 

The grantLOVE Project website is hosted by Shopify.

https://www.grantlove.com/policies/terms-of-service 


The X Artists' Books website is hosted by Squarespace.

https://www.xartistsbooks.com/returns-and-privacy

 


Both of these websites have SSL certificates by Let's Encrypt. 

 

Let's Encrypt is a non-profit organization that provides SSL certificates for FREE. They are trying to make the Web a safer place for everyone and strongly believe that making every site https is a big part in making that happen. Encryption means security and privacy. Everyone has a right to that. Plus, it's automated, which means you don't have to worry about renewing your certificate.

https://letsencrypt.org/donate/ 

 




Since I believe she has a Managed Wordpress GoDaddy account which offers a free SSL certificate, there is no reason for there to be no certificate currently on her account. If I am wrong and she doesn't have a Managed Wordpress GoDaddy account, then she can still get one from Let's Encrypt at no cost. In other words, there is absolutely no reason for her to drop the SSL certificate altogether, along with all of the security it provides to her website and her visitors.

 

In fact, https has gotten so important that Google penalizes websites that don't have it and ranks them lower in searches. Again, this would negatively affect her SEO (Search Engine Optimization).


https://www.sangfroidwebdesign.com/search-engine-optimization-seo/google-https-ranking/  




SSL certificates also authenticate a website, this way you know for certain that you are on the correct website. 

 

Given that alexandragrant.com was https before, how can we be certain that the http website is actually her website and not a fake one? 

 

The truth is, you can't be certain that it is her website. And that's the big problem. There's NO AUTHENTICATION. Something has changed and there was NO WARNING that there would be a change. Nothing stating they were doing scheduled maintenance  or having technical difficulties on the website.  The absence of any kind of notice makes the current state of her website very suspicious.

 

There is a process to going from http to https where automated 301 redirects are issued so that all of the http links out there (the ones not on your website - search engines, backlinks, etc) are automatically redirected to the new https links. 

 


The 301 redirect fixes the old http links so that you are redirected to the new https link without any error messages. Unfortunately, the reverse is not possible.


The reason that it is not possible is because the https link is looking for confirmation that the new link is secure. Since there is no SSL certificate in place (because the redirect link is http) you get an error. It does not work.


Therefore, going from https to http breaks ALL of the old links to her website. So, all those SEO backlinks that I mentioned in my PR Show post are now broken because of this. She has now damaged a HUGE part of her digital PR. What for?

 

Perhaps it was to simply finally break the link to the July 2019 CV which had been misinforming people for almost 2 years now. Too little, too late, if you ask me.

 

She’s had plenty of opportunity and time to take care of this during this period. Trying to address it now is pointless.

 

That CV has been misinforming people through many outlets. There are PR articles that link directly to it (https link) or refer to grantLOVE as a non-profit.

 

https://www.narcity.com/keanu-reeves-girlfriend-alexandra-grant-is-actually-an-incredibly-successful-woman

 



https://www.therichest.com/pop-culture/keanu-facts-girlfriend-alexandra-grant/

 


There are other articles that link to the about page (https link) where the CV can be accessed. At the time the articles were published, the CV that could be accessed was the July 2019 CV.


 

https://www.lifeandstylemag.com/posts/does-keanu-reeves-have-a-girlfriend-actor-dating-alexandra-grant/

 


https://www.huffingtonpost.ca/entry/alexandra-grant-keanu-reeves-dating_ca_5dc1933ae4b03d0aad00af14


 

https://www.forbes.com/sites/nadjasayej/2019/11/05/who-is-keanu-reeves-girlfriend-alexandra-grant/?sh=65ca6fa02c1f

 

https://web.archive.org/web/20191105022312/https://alexandragrant.com/about/

 

There is also Wikipedia. Her Wikipedia page uses her July 2019 CV as a reference. It’s still there and it still links to the https CV link.

 

https://en.wikipedia.org/wiki/Alexandra_Grant


 

And then there are other 'art' related websites that have posted links to it.

https://www.beaumarisartgroup.org.au/a-artist/alexandra-grant-artist-los-angeles.html

 
These are just a handful of examples of articles and sites that have referenced the July 2019 CV. As you can see, the erroneous contents of that resume has traveled and spread misinformation throughout the world. The fact that it is listed on her Wikipedia page alone is a great example of this. If you do a search on the name Alexandra Grant on Google, her Wikipedia page is the first thing to come up - and EVERYONE who's ever searched the web has used Wikipedia. It's a website that everyone knows and many rely on for information.

Now, when her website went down, one individual on Instagram posted that they had contacted associates of Alexandra Grant the week before in order to inform her that the July 2019 CV, which was linked to her website, was a “hack job”. She emphatically states in her posts that the CV was hacked and planted on Alexandra Grant’s website and that she should remove it. She posted about it 'guessing' that Alexandra Grant got her message and was likely removing it, that this is likely why her site was down, and that this was a good thing. ** I chose to block out this account name as they keep changing it. They have had three different names since they opened their account in early May. They also keep disabling and re-enabling their account. They strongly defend Alexandra Grant and have a tendency to manipulate information to make their arguments. This last point will be exposed later on in this post. 

 



If this person truly did contact associates of Ms. Grant about the July 2019 CV, then it would make for a very interesting "coincidence" that the website changed from https to http at that time - something that would make it less secure and more likely to be hacked. It's a little suspect.

 

 

As for the CV being hacked, there’s too much evidence that points to the contrary. This would not make any sense for multiple reasons.

 

Reason 1: Progression of lies: 

When you look at the previous resumes which were submitted to galleries she exhibited at, you notice that there is a progression with the lies. The lie in one resume (Snitzer) is repeated in the next resume (Lowell Ryan Projects) and more are added. The same pattern is repeated in the following resume (July 2019). The lies of the previous resume are still present, and more are added.

 

Snitzer CV

For the 40th Anniversary Snitzer Gallery group exhibit in 2018, she provided this resume which had some of the same lies as on her July 2019 CV regarding the time served on boards.


In this resume,  she only lists one year for the time served as a Founding Board Chair for the Watts House Project. This would change to "2009 - present" in the Lowell Ryan Projects CV. There is no mention of grantLOVE Project being a non-profit. The book publishing company, X Artists' Books, is not listed. She has placed all these listings under the "Outside the Studio" section of her resume. These items will be listed under the same section in the Lowell Ryan Projects Resume.

  

https://static1.squarespace.com/static/571fbbde55598659e3701ed6/t/5a75ff0353450ac90931af74/1517682437334/Alexandra+Grant+CV.pdf

 



Lowell Ryan CV

For the ‘Born to Love’ solo show in June 2019 at Lowell Ryan Projects, she provided this resume, which had the same lies as the Spitzer Gallery resume regarding the time spent on various  boards as well as the change mentioned earlier regarding the time spent on the Watts House board. 

 

In this resume, she also added her art being part of the permanent collection at the Art Gallery of Ontario, which is untrue, as well as being a founder (not co-founder) of X Artists' Books. 

 

She’s changed the formatting slightly in this CV and is using a different font. It’s better organized with the dates clearly defined. This CV is easier to read and looks more professional.

 https://static1.squarespace.com/static/5bbecfcb0b77bd3129a11ff7/t/5cf427948c6afe0001849ae7/1559504789231/CV_Alexandra+Grant_Lowell+Ryan+Projects.pdf

 


 


July 2019 CV

Thus far, the entries for X Artists' Books, grantLOVE Project and the Love House are lumped in with the time served on boards under the section called 'Outside the Studio'. These don’t really stand out. That would change in the July 2019 CV. In that CV, she created a new section called 'Non Profits' and she put both grantLOVE Project and the Love House there. 

She also created a separate section for X Artists’ Books under 'Publishing House'.

http://alexandragrant.com/wp-content/uploads/2019/07/CV-Alexandra-Grant.pdf (now an http link - view at your own risk)





So, it becomes obvious that the formatting for the July 2019 CV was edited to make the 'Non-Profit' section and the 'Publishing House' section stand out as they would be strongly featured in the upcoming PR. Like I proved earlier, many of the PR articles that would come out post LACMA have backlinks that take you directly to the CV or the ‘about’ page, where the CV is located. There is no doubt in my mind this was done intentionally.

 

Also, the July 2019 CV shows that the last time it was modified was July 19, 2019 - in anticipation of LACMA.


Furthermore, if you compare the selected press from the Lowell Ryan CV to the July 2019 CV, you can see that she added the PR press that was done for her during the previous months (May-June 2019) - this shows continuity. 

 

Someone with malicious intent would not bother to add all of this extra favorable information. 

Someone who wants to impress would.

 



March 2020 CV

http://alexandragrant.com/wp-content/uploads/2020/03/Alexandra-Grant-CV-March-2020.pdf  (Now an http link - view at your own risk)


Now, when Alexandra Grant was called out for those lies in March 2020, she proceeded to 'correct' all of these entries. 

 

- She changed the Non Profit section to Projects. She added X Artists' Books to this section and changed founder to co-founder. The Love House was removed from the CV.

 

 

- She removed the Art Gallery of Ontario from the Permanent collection section and added a new entry - Orange County Museum of Art, Costa Mesa, CA.

- She updated the section regarding the time served on boards. 

 



It was a lot of updates; a lot of lies to correct. It is only after being called out publicly on social media that Alexandra Grant took measures to correct those lies.

 


Reason 2: Same format and font:

Both the July 2019 and March 2020 CVs use the exact same font and the exact same format. 

If the CV had been hacked, you would not simply edit the hacked CV. You would create a new one that looks visibly different from the hacked one. You would change the format and the font so that visually, someone can tell right away that they are looking at a different CV. This was not done. 

Incidentally, the same format and font is used for her current resume.

https://secureservercdn.net/198.71.233.29/13d.5cb.myftpupload.com/wp-content/uploads/2020/10/Alexandra-Grant-CV-November-2020.pdf




Reason 3: The Marfa entry:

The first entry under 'Solo Exhibitions' is the Solo Booth at Marfa Invitational which was to occur in April 2020 (it was cancelled due to the Pandemic and only happened this past April 2021). What is very peculiar about this entry is the fact that Marfa had yet to announce Alexandra Grant as an exhibitor; nor had they even announced that there would be another Marfa Invitational at that time.

 

They announced the April 2020 Marfa Invitational in this post on August 2, 2019.



They made this post on August 23, 2019 announcing that Alexandra Grant would have a solo booth at Marfa Invitational in April 2020. 



As previously stated, the last edited date for the July 2019 CV was July 19, 2019. The public announcement of her participation in this was over a month later (August 23, 2019). How would a hacker know that she would have a solo booth at Marfa BEFORE it was announced publicly? Are they psychic? 

 

The only logical explanation for the Marfa entry in the July 2019 CV is that Alexandra Grant put it there herself.



Reason 4: It's still there:

You would not allow the hacked CV to remain attached/linked to your website. You would do whatever is required to ensure that the CV was removed completely and as soon as possible. You would hire someone to do it because you would want to ensure that no trace of it was left and that any breach that may still exist be dealt with so that it does not happen again. Obviously this was not the case as the CV is still accessible and linked to her website.

 


Reason 5: There was no breach mentioned:

You would announce the breach on your personal website, Instagram and Facebook explaining that there was a breach on your website and that your CV was hacked, the result of which was that it was spreading false information worldwide. And, since some of that information pertains to grantLOVE Project, you would also have this message and explanation on the grantLOVE website, Instagram and Facebook. It’s not just about fixing the breach, it’s about stopping the spread of misinformation by informing and correcting the public. That is what an honorable individual does.

 

Doing this would be part of her Duty of Loyalty and Care as the manager of grantLOVE Project. Part of this duty is to ensure that the charitable entity is properly represented to the public. If something happens that causes the entity to be misrepresented to the public (like saying it's a non-profit when it is not), she has a duty to correct that. This was not done. ** By the way, this is also the case for any articles that mention it is a non-profit when it is not. She has a duty to correct that information.

 

Alexandra Grant would be foolish to try and use HACKING as an explanation for these lies being on her CV and on her site.   


All indications show that Alexandra Grant knew fully well that the July 2019 CV was on her website up until March 2020, when she edited it. Did she know that the CV was still tied to her site after that and that people could still access it? I don’t know. It stands to reason that she certainly would have found out if that individual on Instagram actually did contact her people to let them know. Maybe she did take steps to break the link by going to http? Maybe this is intentional? But to what end? The CV is still accessible and her site can now be compromised. Instead of making reparations, she actually made things worse.

 

The same individual on Instagram also tried to make the point that the July 2019 CV was a "hack" by mentioning that the resume Alexandra Grant uploaded to her site in November 2020 had a 'secure server cdn' link, which would imply that Alexandra Grant must have been hacked and needed to tighten security. They also mention that since the new link is from a different IP address, then this means she changed from GoDaddy to another hosting service (one that was more secure) most likely because of the breach.



 

This individual is misrepresenting information to suit the narrative they want to present. 

 

Is SECURE SERVER CDN on a different IP address than the previous CVs? Yes. 

 

Is it due to a change is hosting company? No. It's the same hosting company - GoDaddy. Secure Server CDN is GoDaddy's CDN server.

 

Although I can understand how some people may notice the SECURE SERVER CDN  address and conclude that it must be because they had previous problems with security (like getting hacked), and would need to take extra measures to prevent future breaches, but that is not the reason for that type of server. 

 

And this is what upsets me about what that Instagram account presented. They went through the trouble of figuring out the IP addresses for the JULY 2019 and March 2020 CVs in order to make their argument, but they failed to do the most basic and logical search first? Which would be to do a simple search on SECURE SERVER CDN and look at the results. 

 

Screen captured below is the top 'non-ad related' result from that search. Once you click on that link and read the information there, you quickly see that their 'conclusion' is biased and based on misinterpretation. As such, I feel that their arguments are completely manipulative and irresponsible. The relevant information is right there and very easy to find.



What is a CDN server?

 CDN stands for Content Delivery Network. 


The name explains what it does, it delivers content - static content. These servers help prevent the lag that people may experience when accessing sites from different parts of the world. Static files (files that don't change often but are larger and take longer to load like image files or pdfs) are cached (stored in memory) on various servers all around the world so that the webpage can load faster and smoother. It speeds up load time so that a user is not waiting for the page to load properly and for all the images to populate. When a web page is slow, people click away and move one. They just assume that there is a problem with the site and they take their surfing elsewhere. That is not good for business. These servers are used to prevent that, so that someone from China, accessing a website from LA, will be able to access the website as quickly and smoothly as someone who is in LA.


This is the same link from Google search I screen captured earlier. All of the screen captures below were captured from the webpage by following that link.

https://ca.godaddy.com/help/what-is-a-cdn-32168


 

Secure Server CDN is a CDN server offered by GoDaddy. So she's still with the same host, but the secure server CDN has a different IP address than the server used to host the rest of the website. The July 2019 and March 2020 CVs were not on the GoDaddy CDN server. The November 2020 CV is. That's why there are two different IP addresses.

 

The individual also made a comment concerning the dates in the links saying they are not relevant and can be modified to anything. Again, they are wrong. The date is very relevant as to when the document was uploaded to the server. The one thing that date does not reflect is the date the document was created or last edited. I have previously showed you that the last edited/modified date for the July 2019 CV was July 19, 2019; that the last edited/modified date for the March 2020 CV was March 13, 2020. The last edited date for the November 2020 CV is actually October 8, 2020 - not November. Also, if you look at where the blue arrow is pointing, you will see that the November 2020 CV is simply the March 2020 CV, which has been modified.

 



By the way, the November 2020 CV (https://secureservercdn.net/198.71.233.29/13d.5cb.myftpupload.com/wp-content/uploads/2020/10/Alexandra-Grant-CV-November-2020.pdf) is not the only thing stored on GoDaddy's Secure Server CDN. She has many image files stored there as well.  

 

You can check what image file are on a page by clicking the lock (or broken lock in this case) to the left of the url for the page and then on 'More Information'. From there you can see what other links are stored on that web page under the 'media' tab. At this point you can click on the various links and it will show you the image that is connected to that link in the bottom window. You can also copy and paste that link/url and get to it in a web browser. 

 




 

You do not need special permissions to do this. Anyone can do this from their own browser. This is freely available information that anyone can get from any web page online.

 

As you can see, she has numerous files on Secure Server CDN, not just the CV. I don't believe this change had anything to with making the site more secure and everything to do with making the site faster for everyone all over the world. 

 
If anything, this is a very strong indication that her digital marketing campaign worked and people from all over the world were now looking her up, wanting to know more about her and that traffic to her personal website increased significantly post LACMA, which made the CDN server a requirement. And if that is the case, then removing the SSL certificate, going from https (secure) to http (not secure) at a time when you KNOW more people are accessing your site is completely irresponsible and unethical.

 

It has been almost 2 months since this happened to her site. Which makes it seem like it was done intentionally and not by some accident or technical issue.

 

Honestly, I find this situation to be rather alarming. I'm not sure what is going on? It is alarming enough that I felt it proper to advise the Attorney General, as there is information on her website that pertains to grantLOVE Project and she has created a situation that may allow for that information to be compromised.  

 

It is also alarming enough that I thought it would be unethical of me not to advise the public that her website, in its current state, is not safe. The security features meant to protect her site and the privacy and safety of her visitors have been disabled or removed. I am hoping that she will take steps to remedy this situation. Until that time...

 

ALEXANDRAGRANT.COM - CAUTION

4 comments:

  1. Incredible research. Good work. Her 2019 resume is not available on her wiki page however. If you do a Google search of Alexandra Grant and look at the Wikipedia page and go to Reference #16, click on the hyperlink you get an error message.

    ReplyDelete
    Replies
    1. Thank you,

      Yes, the hyperlink on the Wikipedia page is an https link. That is why it does not work. When the SSL certificate was removed from her website, it changed the address from https to http. It broke that hyperlink. The CV is still attached to her website but it is now an http link. I did a short video of this in this post (it's a little blurry - unfortunately). At the time I did the video, the July 2019 CV was reference #15. In the video, I click on the hyperlink and get an error. I then remove the 's' after the http in the web address at the top of the screen, therefore changing the address from https to an http address, and the link then works with no errors. The July CV can be accessed by removing the 's' in the hyperlink address.

      I felt the need to do the video for two reasons:

      1- It proves that the link used to be https and is now http, which means the SSL certificate was removed, and

      2- It hopefully prevents others from testing this out themselves to see that the CV is still accessible. Her website, in it's current state, is not secure and there is no privacy for the visitors of her site. As such, I felt it would be irresponsible of me to say that this works and not show that this works. Just trying to minimize exposure for others.

      Delete
  2. Bravo -- really thorough information.

    ReplyDelete