Theodor Schnitzler
Assistant Professor · theodor.schnitzler@maastrichtuniversity.nl
I am an Assistant Professor for computer security at the Department of Advanced Computing Sciences at Maastricht University in the Netherlands. My main area of research is user privacy in online environments from both technical and HCI perspectives.
Previously, I had a postdoc position at the Research Center Trustworthy Data Science and Security at TU Dortmund in Germany.
After studying computer science at TU Dortmund I specialized in usable security and privacy. In 2022, I received my PhD from Ruhr University Bochum, where I worked in the Mobile Security Group and was advised by Prof. Dr. Markus Dürmuth. My co-advisor was Prof. Dr. Christina Pöpper from the Cyber Security and Privacy Lab at New York University Abu Dhabi in the UAE, where I also spent memorable time abroad for a research visit in early 2020.
Education
Doctorate (Dr.-Ing.)
Ruhr University Bochum, Information Security Group & Mobile Security Group
December 2016 – June 2022
M.Sc. in Computer Science
TU Dortmund
November 2012 – September 2016
B.Sc. in Computer Science
TU Dortmund
October 2009 – November 2012
Experience
Assistant Professor
Maastricht University, Department of Advanced Computing Sciences
since April 2024
Postdoctoral Researcher
TU Dortmund, Research Center Trustworthy Data Science and Security
July 2022 - April 2024
Research Assistant
Ruhr University Bochum, Information Security Group & Mobile Security Group
December 2016 – June 2022
Visiting Academic
New York University Abu Dhabi, Cyber Security and Privacy Lab
January 2020
Student Assistant
Fraunhofer-Institut für Software- und Systemtechnik, Compliance and Security Group
April 2012 – March 2015
Publications & Talks
Last Update: July 2024
2024
Evangelos Bitsikas, Theodor Schnitzler, Christina Pöpper, Aanjhan Ranganathan
Amplifying Threats: The Role of Multi-Sender Coordination in SMS-Timing-Based Location Inference Attacks
USENIX WOOT Conference on Offensive Technologies (WOOT '24)Philadelphia, PA, USA · August 12–13, 2024
@inproceedings{bitsikas24:amplifying-threats-role,
author = {Bitsikas, Evangelos and Schnitzler, Theodor and P{\"o}pper, Christina and Ranganathan, Aanjhan},
title = {{Amplifying Threats: The Role of Multi-Sender Coordination in SMS-Timing-Based Location Inference Attacks}},
booktitle = {USENIX WOOT Conference on Offensive Technologies},
series = {WOOT~'24},
address = {Philadelphia, PA, USA},
month = aug,
pages = {},
year = {2024},
publisher = {USENIX Association}
}Magdalena Wischnewski, Nicole Krämer, Christian Janiesch, Emmanuel Müller, Theodor Schnitzler, Carina Newen
In Seal We Trust? Investigating the Effect of Certifications on Perceived Trustworthiness of AI Systems
Human-Machine Communication, Volume 8, Issue 1, No. 7Autumn Edwards, Chad Edwards, Patric R. Spence (Eds.)
Western Michigan University · Kalamazoo, MI, USA · June 21, 2024
@article{wischnewski24:seal-trust-investigating,
author = {Wischnewski, Magdalena and Kr{\"a}mer, Nicole and Janiesch, Christian and M{\"u}ller, Emmanuel and Schnitzler, Theodor and Newen, Carina},
title = {{In Seal We Trust? Investigating the Effect of Certifications on Perceived Trustworthiness of AI Systems}},
journal = {Human-Machine Communication},
volume = {8},
number = {7},
month = jun,
pages = {141--162},
year = {2024},
publisher = {Western Michigan University}
}
2023
Marvin Kowalewski, Christine Utz, Martin Degeling, Theodor Schnitzler, Franziska Herbert, Leonie Schaewitz, Florian M. Farke, Steffen Becker, Markus Dürmuth
52 Weeks Later: Attitudes Towards COVID-19 Apps for Different Purposes Over Time
ACM Conference On Computer-Supported Cooperative Work And Social Computing (CSCW '23)Minneapolis, MN, USA · October 14–18, 2023
@inproceedings{kowalewski23:52-weeks-later,
author = {Kowalewski, Marvin and Utz, Christine and Degeling, Martin and Schnitzler, Theodor and Herbert, Franziska and Schaewitz, Leonie and Farke, Florian M. and Becker, Steffen and D{\"u}rmuth, Markus},
title = {{52 Weeks Later: Attitudes Towards COVID-19 Apps for Different Purposes Over Time}},
booktitle = {ACM Conference On Computer-Supported Cooperative Work And Social Computing},
series = {CSCW~'23},
address = {Minneapolis, MN, USA},
month = oct,
pages = {},
year = {2023},
publisher = {ACM}
}Evangelos Bitsikas, Theodor Schnitzler, Christina Pöpper, Aanjhan Ranganathan
Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings
USENIX Security Symposium (USENIX '23)Anaheim, CA, USA · August 9–11, 2023
@inproceedings{bitsikas23-freaky-leaky-sms,
author = {Bitsikas, Evangelos and Schnitzler, Theodor and P{\"o}pper, Christina and Ranganathan, Aanjhan},
title = {{Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings}},
booktitle = {USENIX Security Symposium},
series = {USENIX~'23},
address = {Anaheim, CA, USA},
month = aug,
pages = {},
year = {2023},
publisher = {USENIX Association}
}Theodor Schnitzler
Measuring Messengers: Analyzing Infrastructures and Message Timings to Extract User Locations in Instant Messengers
Workshop on Learning from Authoritative Security Experiment Results (LASER '23)San Diego, CA, USA · March 3, 2023
Theodor Schnitzler, Katharina Kohls, Evangelos Bitsikas, Christina Pöpper
Hope of Delivery: Extracting User Locations From Mobile Instant Messengers
The Network and Distributed System Security Symposium (NDSS '23)San Diego, CA, USA · February 28–March 2, 2023
@inproceedings{schnitzler23:hope-delivery-extracting,
author = {Schnitzler, Theodor and Kohls, Katharina and Bitsikas, Evangelos and P{\"o}pper, Christina},
title = {{Hope of Delivery: Extracting User Locations From Mobile Instant Messengers}},
booktitle = {Network and Distributed System Security Symposium},
series = {NDSS~'23},
address = {San Diego, CA, USA},
month = feb,
pages = {},
year = {2023},
publisher = {The Internet Society}
}
2022
Philipp Markert, Theodor Schnitzler, Maximilian Golla, Markus Dürmuth
“As soon as it's a risk, I want to require MFA”: How Administrators Configure Risk-based Authentication
Symposium on Usable Privacy and Security (SOUPS '22)Boston, MA, USA · August 7–9, 2022 · A/R: 27.8%
@inproceedings{markert22:soon-risk-want,
author = {Markert, Philipp and Schnitzler, Theodor and Golla, Maximilian and D\"{u}rmuth, Markus},
title = {{``As soon as it's a risk, I want to require MFA'': How Administrators Configure Risk-based Authentication}},
booktitle = {USENIX Symposium On Usable Privacy and Security},
year = {2022},
series = {SOUPS~'22},
pages = {483--501},
address = {Boston, MA, USA},
month = aug,
publisher = {USENIX}
}Franziska Herbert, Marvin Kowalewski, Theodor Schnitzler, Leona Lassak, Markus Dürmuth
“Fast, Easy, Convenient.” Studying Adoption and Perception of Digital Covid Certificates
Symposium on Usable Privacy and Security (SOUPS '22)Boston, MA, USA · August 7–9, 2022 · A/R: 27.8%
@inproceedings{herbert22:fast-easy-convenient,
author = {Herbert, Franziska and Kowalewski, Marvin and Schnitzler, Theodor and Lassak, Leona and D\"{u}rmuth, Markus},
title = {{``Fast, Easy, Convenient.'' Studying Adoption and Perception of Digital Covid Certificates}},
booktitle = {USENIX Symposium On Usable Privacy and Security},
year = {2022},
series = {SOUPS~'22},
pages = {463--482},
address = {Boston, MA, USA},
month = aug,
publisher = {USENIX}
}Christine Utz, Steffen Becker, Theodor Schnitzler, Florian M. Farke, Franziska Herbert, Leonie Schaewitz, Martin Degeling, Markus Dürmuth
POSTER: Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents
Symposium on Usable Privacy and Security (SOUPS '22)Boston, MA, USA · August 7–9, 2022
@inproceedings{utz22:poster-apps-against,
author = {Utz, Christine and Becker, Steffen and Schnitzler, Theodor and Farke, Florian M. and Herbert, Franziska and Schaewitz, Leonie and Degeling, Martin and D{\"u}rmuth, Markus},
title = {{POSTER: Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents}},
booktitle = {USENIX Symposium On Usable Privacy and Security},
year = {2022},
series = {SOUPS~'22},
pages = {},
address = {Boston, MA, USA},
month = aug,
publisher = {USENIX}
}Martin Degeling, Christine Utz, Florian M. Farke, Franziska Herbert, Leonie Schaewitz, Marvin Kowalewski, Steffen Becker, Theodor Schnitzler, Markus Dürmuth
Die Nutzung von Smartphone-Apps zur Eindämmung von COVID-19 in Deutschland
in: Technologien der Krise – Die Covid-19-Pandemie als Katalysator neuer Formen der Vernetzung
Dennis Krämer, Joschka Haltaufderheide, Jochen Vollmann (Eds.)
Transcript Verlag · Bielefeld, Germany · July 4, 2022
@incollection{degeling22:nutzung-smartphone-apps,
author = {Degeling, Martin and Utz, Christine and Farke, Florian M. and Herbert, Franziska and Schaewitz, Leonie and Kowalewski, Marvin and Becker, Steffen and Schnitzler, Theodor and D{\"u}rmuth, Markus},
title = {{Die Nutzung von Smartphone-Apps zur Eind{\"a}mmung von COVID-19 in Deutschland}},
editor = {Kr{\"a}mer, Dennis and Haltaufderheide, Joschka and Vollman, Jochen},
booktitle = {{Technologien der Krise~--~Die Covid-19-Pandemie als Katalysator der Vernetzung}},
address = {Bielefeld, Germany},
month = jul,
pages = {133--154},
year = {2022},
publisher = {Transcript Verlag}
}Vera Rimmer, Theodor Schnitzler, Tom Van Goethem, Abel Rodriguez Romero, Wouter Joosen, Katharina Kohls
Trace Oddity: Methodologies for Data-Driven Traffic Analysis on Tor
Privacy Enhancing Technologies Symposium (PETS '22)Sydney, Australia · July 11–15, 2022 · A/R: 24.0%
@inproceedings{rimmer22:trace-oddity-methodologies,
author = {Rimmer, Vera and Schnitzler, Theodor and Van Goethem, Tom and Rodr{\'i}guez Romero and Joosen, Wouter and Kohls, Katharina},
title = {{Trace Oddity: Methodologies for Data-Driven Traffic Analysis on Tor}},
booktitle = {Privacy Enhancing Technologies Symposium},
series = {PETS~'22},
address = {Sydney, Australia},
month = jul,
pages = {314--335},
year = {2022},
publisher = {Sciendo}
}Marvin Kowalewski, Franziska Herbert, Theodor Schnitzler, Markus Dürmuth
Proof-of-Vax: Studying User Preferences and Perception of Covid Vaccination Certificates
Privacy Enhancing Technologies Symposium (PETS '22)Sydney, Australia · July 11–15, 2022 · A/R: 24.0%
@inproceedings{kowalewski22:proof-vax-studying,
author = {Kowalewski, Marvin and Herbert, Franziska and Schnitzler, Theodor and D{\"u}rmuth, Markus},
title = {{Proof-of-Vax: Studying User Preferences and Perception of Covid Vaccination Certificates}},
booktitle = {Privacy Enhancing Technologies Symposium},
series = {PETS~'22},
address = {Sydney, Australia},
month = jul,
pages = {317--338},
year = {2022},
publisher = {Sciendo}
}
2021
Theodor Schnitzler, Christina Pöpper, Markus Dürmuth, Katharina Kohls
We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor
IEEE European Symposium on Security and Privacy (EuroS&P '21)Virtual Conference · September 6–10, 2021
@inproceedings{schnitzler21:built-this-circuit,
author = {Schnitzler, Theodor and P{\"o}pper, Christina and D{\"u}rmuth, Markus and Kohls, Katharina},
title = {{We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor}},
booktitle = {IEEE European Symposium on Security and Privacy},
series = {EuroS\&P~'21},
address = {Virtual Event},
month = sep,
pages = {319--336},
year = {2021},
publisher = {IEEE}
}Theodor Schnitzler, Shujaat Mirza, Markus Dürmuth, Christina Pöpper
SoK: Managing Longitudinal Privacy of Publicly Shared Personal Online Data
Privacy Enhancing Technologies Symposium (PETS '21)Gather Town, The Internet · July 12–16, 2021 · A/R: 18.8%
@inproceedings{schnitzler21:managing-longitudinal-privacy,
author = {Schnitzler, Theodor and Mirza, Shujaat and D{\"u}rmuth, Markus and P{\"o}pper, Christina},
title = {{SoK: Managing Longitudinal Privacy of Publicly Shared Personal Online Data}},
booktitle = {Privacy Enhancing Technologies Symposium},
series = {PETS~'21},
address = {Virtual Event},
month = jul,
pages = {229--249},
year = {2021},
publisher = {Sciendo}
}Christine Utz, Steffen Becker, Theodor Schnitzler, Florian M. Farke, Franziska Herbert, Leonie Schaewitz, Martin Degeling, Markus Dürmuth
Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents
ACM CHI Conference on Human Factors in Computing Systems (CHI '21)Virtual Conference · May 8–13, 2021 · A/R: 26.3%
@inproceedings{utz21:apps-against-spread,
author = {Utz, Christine and Becker, Steffen and Schnitzler, Theodor and Farke, Florian M. and Herbert, Franziska and Schaewitz, Leonie and Degeling, Martin and D{\"u}rmuth, Markus},
title = {{Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents}},
booktitle = {ACM CHI Conference on Human Factors in Computing Systems},
series = {CHI~'21},
address = {Virtual Event},
month = may,
year = {2021},
publisher = {ACM}
}
2020
Florian M. Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, Markus Dürmuth
“You still use the password after all” – Exploring FIDO2 Security Keys in a Small Company
Symposium on Usable Privacy and Security (SOUPS '20)Virtual Conference · August 7–11, 2020 · A/R: 19.8%
@inproceedings{farke20:you-still-use,
author = {Farke, Florian M .and Lorenz, Lennart and Schnitzler, Theodor and Markert, Philipp and D{\"u}rmuth, Markus},
title = {{``You still use the password after all''~--~Exploring FIDO2 Security Keys in a Small Company}},
booktitle = {USENIX Symposium On Usable Privacy and Security},
series = {SOUPS~'20},
address = {Virtual Event},
month = aug,
pages = {19--35},
year = {2020},
publisher = {USENIX}
}Theodor Schnitzler, Christine Utz, Florian M. Farke, Christina Pöpper, Markus Dürmuth
Exploring User Perceptions of Deletion in Mobile Instant Messaging Applications
Journal of Cybersecurity, Volume 6, Issue 1Tyler Moore, David Pym (Eds.)
Oxford University Press · Oxford, UK · January 30, 2020
@article{schnitzler20:exploring-user-perceptions,
author = {Schnitzler, Theodor and Utz, Christine and Farke, Florian M. and P{\"o}pper, Christina and D{\"u}rmuth, Markus},
title = {{Exploring User Perceptions of Deletion in Mobile Instant Messaging Applications}},
journal = {Journal of Cybersecurity},
volume = {6},
number = {1},
month = jan,
pages = {1--15},
year = {2020},
publisher = {Oxford University Press}
}
2019
Theodor Schnitzler, Markus Dürmuth, Christina Pöpper
Towards Contractual Agreements for Revocation of Online Data
ICT Systems Security and Privacy Protection (IFIP SEC '19)Lisbon, Portugal · June 25–27, 2019
@inproceedings{schnitzler19:towards-contractual-agreements,
author = {Schnitzler, Theodor and D{\"u}rmuth, Markus and P{\"o}pper, Christina},
title = {{Towards Contractual Agreements for Revocation of Online Data}},
booktitle = {IFIP International Conference on ICT Systems Security and Privacy Protection},
series = {IFIP SEC~'19},
pages = {374--387},
address = {Lisbon, Portugal},
month = jun,
year = {2019},
publisher = {Springer}
}
2018
Theodor Schnitzler, Christine Utz, Florian M. Farke, Christina Pöpper, Markus Dürmuth
POSTER: User Perception and Expectations on Deleting Instant Messages – or – “What Happens If I Press This Button?”
Symposium on Usable Privacy and Security (SOUPS '18)Baltimore, MD, USA · August 12–14, 2018
@inproceedings{schnitzler18:poster-user-perception,
author = {Schnitzler, Theodor and Utz, Christine and Farke, Florian M. and P{\"o}pper, Christina and D{\"u}rmuth, Markus},
title = {{User Perception and Expectations on Deleting Instant Messages --~or~-- ``What Happens If I Press This Button?''}},
booktitle = {USENIX Symposium On Usable Privacy and Security},
series = {SOUPS~'18},
pages = {1--5},
address = {Baltimore, MD, USA},
month = aug,
year = {2018},
publisher = {USENIX}
}Maximilian Golla, Theodor Schnitzler, Markus Dürmuth
“Will Any Password Do?” Rate Limiting on the Web
Who are you? Adventures in Authentication Workshop (WAY '18)Baltimore, MD, USA · August 12, 2018
@inproceedings{golla18:will-any-password,
author = {Golla, Maximilian and Schnitzler, Theodor and D{\"u}rmuth, Markus},
title = {{``Will Any Password Do?'' Exploring Rate-Limiting on the Web}},
booktitle = way,
series = {WAY~'18},
pages = {1--5},
address = {Baltimore, MD, USA},
month = aug,
year = {2018}
}Theodor Schnitzler, Christine Utz, Florian M. Farke, Christina Pöpper, Markus Dürmuth
User Perception and Expectations on Deleting Instant Messages – or – “What Happens If I Press This Button?”
European Workshop on Usable Security (EuroUSEC '18)London, UK · April 23, 2018
@inproceedings{schnitzler18:user-perception-expectations,
author = {Schnitzler, Theodor and Utz, Christine and Farke, Florian M. and P{\"o}pper, Christina and D{\"u}rmuth, Markus},
title = {{User Perception and Expectations on Deleting Instant Messages --~or~-- ``What Happens If I Press This Button?''}},
booktitle = {European Workshop on Usable Security},
series = {EuroUSEC~'18},
pages = {1--9},
address = {London, UK},
month = apr,
year = {2018},
publisher = {The Internet Society}
}Academic Service
- Technical Program Committee: 23rd International Conference on Applied Cryptography and Network Security (ACNS '25)
- Technical Program Committee: The Network and Distributed System Security Symposium (NDSS '25)
- Reviewer: ACM CHI Conference on Human Factors in Computing Systems (CHI '24)
- Technical Program Committee: The Network and Distributed System Security Symposium (NDSS '24)
- Reviewer: ACM CHI Conference on Human Factors in Computing Systems (CHI '23)
- Reviewer: ACM Conference on Computer-Supported Cooperative Work And Social Computing (CSCW '23)
- Publicity Chair: European Symposium on Usable Security (EuroUSEC '22)
- Poster Jury: Symposium on Usable Privacy and Security (SOUPS '22)
- Publicity Chair: European Symposium on Usable Security (EuroUSEC '21)
- External Reviewer: 42nd IEEE Symposium on Security and Privacy (S&P '21)
- Reviewer: Journal of Cybersecurity (JCS '19)
- External Reviewer: 16th Symposium on Usable Privacy and Security (SOUPS '20)
- External Reviewer: 29th USENIX Security Symposium (USENIX Sec '20)
- External Reviewer: 41st IEEE Symposium on Security and Privacy (S&P '20)
- External Reviewer: The Network and Distributed System Security Symposium (NDSS '20)
- External Reviewer: 24th European Symposium on Research in Computer Security (ESORICS '19)
- External Reviewer: 17th International Conference on Applied Cryptography and Network Security (ACNS '19)
- External Reviewer: 28th USENIX Security Symposium (USENIX Sec '19)
- External Reviewer: The Network and Distributed System Security Symposium (NDSS '19)
- External Reviewer: 23rd European Symposium on Research in Computer Security (ESORICS '18)
- External Reviewer: 21st International Symposium on Research in Attacks, Intrusions and Defenses (RAID '18)
- Poster Jury: 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '18)
- External Reviewer: 27th USENIX Security Symposium (USENIX Sec '18)
- External Reviewer: 39th IEEE Symposium on Security and Privacy (S&P '18)
- External Reviewer: The Network and Distributed System Security Symposium (NDSS '18)
- External Reviewer: 11th USENIX Workshop on Offensive Technologies (WOOT '17)
- External Reviewer: 22nd European Symposium on Research in Computer Security (ESORICS '17)
- External Reviewer: 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '17)
- External Reviewer: 15th International Conference on Applied Cryptography and Network Security (ACNS '17)
- External Reviewer: 26th USENIX Security Symposium (USENIX Sec '17)
Teaching
Supervised Theses
- Marius Arnhold: Localization of Tor Hidden Services Using Timing Side Channels (Master's Thesis · 2020)
- Jonathan Werding: Measuring and Evaluating Timing Probes on iOS (Bachelor's Thesis · 2020)
- Florian Pfützenreuter: User Localization Through Messenger Probing (Master's Thesis · 2020)
- Jacqueline Basdorf: Disspelling Password Myths: Reviewing Account Security Mechanisms (Master's Thesis · 2020)
- Jens Opdenbusch: The Right to Remain Forgotten? Retroactive Deletion in Backup Software (Bachelor's Thesis · 2019)
- Elias Hejazi: Towards Implementing Digital Forgetting Based on Internet Connection Properties (Master's Thesis · 2019)
- Johanna Jupke: Concepts of Qualified Electronic Signatures as Remote Electronic Signatures Usability of a Prototype Implementation (Master's Thesis · 2017)
- Florian M. Farke: User Expectations of Digital Forgetting (Master's Thesis · 2017)
Courses
- BENS2001 Computer Science Skills · School of Business and Economics (SBE) at Maastricht University · 2024 (Course Coordinator, 178 Students)
- SCI2011 Introduction to Programming · University College Maastricht (UCM) · 2024 (Course Coordinator, 32 Students)
- IT-Sicherheit für Geistes- und Gesellschaftswissenschaften · Summer 2021 (Co-instructor, 20 Students)
- Programmieren in C · Winter 2020/2021 (Course organization, 4 Co-instructors, 105 Students)
- IT-Sicherheit für Geistes- und Gesellschaftswissenschaften · Summer 2020 (Co-instructor, 15 Students)
- Programmieren in C · Winter 2019/2020 (Course organization, 16 Co-instructors, 440 Students)
- IT-Sicherheit für Geistes- und Gesellschaftswissenschaften · Summer 2019 (Co-instructor, 20 Students)
- Programmieren in C · Winter 2018/2019 (Course organization, 15 Co-instructors, 605 Students)
- IT-Sicherheit für Geistes- und Gesellschaftswissenschaften · Summer 2018 (Co-instructor, 35 Students)
- IT-Sicherheit für Geistes- und Gesellschaftswissenschaften · Summer 2017 (Co-instructor, 30 Students)
Seminars
- Usable Security and Privacy Research · Summer 2020 – Summer 2021 (Supervisor, 5 Students)
- Human Centered Security and Privacy · Summer 2018 – Winter 2019/2020 (Supervisor, 5 Students)
- Security and Privacy of Wireless Networks and Mobile Devices · Summer 2017 – Winter 2017/2018 (Supervisor, 5 Students)