Appendix B – Profile Construction Basics

Appendix B – Profile Construction Basics

This appendix provides guidance on how to manually build a CARS Profile using the official 10-section template. It covers formatting standards, editing practices, and common tips for reducing errors, maintaining privacy, and ensuring long-term reuse.

🧩 1. Profile Assembly Methodology

  • Begin by duplicating the CARS_Profile_Template.md file.
  • Rename it using the naming format:
    {CARName}_vX.Y-YYYY-MM-DD.md
  • Complete all Required Subheadings first, then review applicable Recommended and Reserved SLOTs.
  • Use AI Assistants only where privacy risk is low or anonymised data is substituted.

🛠 2. Editing Do’s and Don’ts

  • ✅ Always preserve section and heading structure
  • ✅ You may add Redefinable Level 2 Subheadings freely
  • ❌ Do not modify existing Required or Reserved Subheadings
  • ✅ Use clear { } placeholders for any missing manual entries
  • ✅ Use italics for explanatory instructions
  • ✅ Mark unused Recommended fields with *None provided*

🧠 3. Strategic Tips for Profile Builders

  • Start with lowest-risk CARs if you’re new — gain confidence first
  • Consider modular reuse: build one clean Driver, then duplicate
  • Add Search Tags and a CARS Category for improved discoverability
  • Regularly back up your CARs — both encrypted and offline if needed
  • Document context for future use: “Why was this CAR created?”

🔁 4. Risk Propagation Across CARs

Even isolated CARs can inherit or transmit risk.

When building a new CAR, ask:

  • Does this CAR reuse devices, browsers, or accounts from a high-risk profile?
  • Could compromise of this CAR expose my real identity or other compartments?
  • Is this CAR “at risk” due to the Driver, Destination, or shared infrastructure?

Tips:

  • Use a Cross-CAR Risk Map (see Appendix E)
  • Assign a Risk Level to each CAR early (Low → Extreme)
  • Consider using an Isolation CAR for high-risk use cases (e.g., whistleblowing, finance)

Avoid overlapping:

  • VPN configurations
  • DNS providers
  • Cloud storage
  • Recovery emails

🔐 5. Sharing and Privacy Reminders

Before sharing a CAR Profile with:

  • An AI Assistant
  • Another user
  • A public repository

…remove or relocate any personal information to a Global “Personal Information” Subheading block.

Always review the CAR for:

  • Embedded usernames
  • Linked emails or UUIDs
  • File paths or system logs
  • Real names or locations
  • See Appendix A for slot usage basics
  • See Appendix E for advanced threat modeling
  • Refer to the official CARS_Profile_Template.md file in the Project Files Repository