Theodor Schnitzler

Assistant Professor · theodor.schnitzler@maastrichtuniversity.nl

I am an Assistant Professor for computer security at the Department of Advanced Computing Sciences at Maastricht University in the Netherlands. My main area of research is user privacy in online environments from both technical and HCI perspectives.

Previously, I had a postdoc position at the Research Center Trustworthy Data Science and Security at TU Dortmund in Germany.

After studying computer science at TU Dortmund I specialized in usable security and privacy. In 2022, I received my PhD from Ruhr University Bochum, where I worked in the Mobile Security Group and was advised by Prof. Dr. Markus Dürmuth. My co-advisor was Prof. Dr. Christina Pöpper from the Cyber Security and Privacy Lab at New York University Abu Dhabi in the UAE, where I also spent memorable time abroad for a research visit in early 2020.

Responsive image

Education


Doctorate (Dr.-Ing.)
Ruhr University Bochum, Information Security Group & Mobile Security Group
December 2016 – June 2022
M.Sc. in Computer Science
TU Dortmund
November 2012 – September 2016
B.Sc. in Computer Science
TU Dortmund
October 2009 – November 2012

Experience


Assistant Professor
Maastricht University, Department of Advanced Computing Sciences
since April 2024
Postdoctoral Researcher
TU Dortmund, Research Center Trustworthy Data Science and Security
July 2022 - April 2024
Research Assistant
Ruhr University Bochum, Information Security Group & Mobile Security Group
December 2016 – June 2022
Visiting Academic
New York University Abu Dhabi, Cyber Security and Privacy Lab
January 2020
Student Assistant
Fraunhofer-Institut für Software- und Systemtechnik, Compliance and Security Group
April 2012 – March 2015

Publications & Talks

DBLP Google Scholar Semantic Scholar ORCID
Last Update: July 2024


2024

Evangelos Bitsikas, Theodor Schnitzler, Christina Pöpper, Aanjhan Ranganathan

Amplifying Threats: The Role of Multi-Sender Coordination in SMS-Timing-Based Location Inference Attacks

USENIX WOOT Conference on Offensive Technologies (WOOT '24)
Philadelphia, PA, USA · August 12–13, 2024
BibTeX Entry
@inproceedings{bitsikas24:amplifying-threats-role,
    author = {Bitsikas, Evangelos and Schnitzler, Theodor and P{\"o}pper, Christina and Ranganathan, Aanjhan},
    title = {{Amplifying Threats: The Role of Multi-Sender Coordination in SMS-Timing-Based Location Inference Attacks}},
    booktitle = {USENIX WOOT Conference on Offensive Technologies},
    series = {WOOT~'24},
    address = {Philadelphia, PA, USA},
    month = aug,
    pages = {},
    year = {2024},
    publisher = {USENIX Association}
}
Magdalena Wischnewski, Nicole Krämer, Christian Janiesch, Emmanuel Müller, Theodor Schnitzler, Carina Newen

In Seal We Trust? Investigating the Effect of Certifications on Perceived Trustworthiness of AI Systems

Human-Machine Communication, Volume 8, Issue 1, No. 7
Autumn Edwards, Chad Edwards, Patric R. Spence (Eds.)
Western Michigan University · Kalamazoo, MI, USA · June 21, 2024
BibTeX Entry
@article{wischnewski24:seal-trust-investigating,
    author = {Wischnewski, Magdalena and Kr{\"a}mer, Nicole and Janiesch, Christian and M{\"u}ller, Emmanuel and Schnitzler, Theodor and Newen, Carina},
    title = {{In Seal We Trust? Investigating the Effect of Certifications on Perceived Trustworthiness of AI Systems}},
    journal = {Human-Machine Communication},
    volume = {8},
    number = {7},
    month = jun,
    pages = {141--162},
    year = {2024},
    publisher = {Western Michigan University}
}


2023

Marvin Kowalewski, Christine Utz, Martin Degeling, Theodor Schnitzler, Franziska Herbert, Leonie Schaewitz, Florian M. Farke, Steffen Becker, Markus Dürmuth

52 Weeks Later: Attitudes Towards COVID-19 Apps for Different Purposes Over Time

ACM Conference On Computer-Supported Cooperative Work And Social Computing (CSCW '23)
Minneapolis, MN, USA · October 14–18, 2023
BibTeX Entry
@inproceedings{kowalewski23:52-weeks-later,
    author = {Kowalewski, Marvin and Utz, Christine and Degeling, Martin and Schnitzler, Theodor and Herbert, Franziska and Schaewitz, Leonie and Farke, Florian M. and Becker, Steffen and D{\"u}rmuth, Markus},
    title = {{52 Weeks Later: Attitudes Towards COVID-19 Apps for Different Purposes Over Time}},
    booktitle = {ACM Conference On Computer-Supported Cooperative Work And Social Computing},
    series = {CSCW~'23},
    address = {Minneapolis, MN, USA},
    month = oct,
    pages = {},
    year = {2023},
    publisher = {ACM}
}
Evangelos Bitsikas, Theodor Schnitzler, Christina Pöpper, Aanjhan Ranganathan

Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings

USENIX Security Symposium (USENIX '23)
Anaheim, CA, USA · August 9–11, 2023
BibTeX Entry
@inproceedings{bitsikas23-freaky-leaky-sms,
    author = {Bitsikas, Evangelos and Schnitzler, Theodor and P{\"o}pper, Christina and Ranganathan, Aanjhan},
    title = {{Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings}},
    booktitle = {USENIX Security Symposium},
    series = {USENIX~'23},
    address = {Anaheim, CA, USA},
    month = aug,
    pages = {},
    year = {2023},
    publisher = {USENIX Association}
}
Theodor Schnitzler

Measuring Messengers: Analyzing Infrastructures and Message Timings to Extract User Locations in Instant Messengers

Workshop on Learning from Authoritative Security Experiment Results (LASER '23)
San Diego, CA, USA · March 3, 2023
Theodor Schnitzler, Katharina Kohls, Evangelos Bitsikas, Christina Pöpper

Hope of Delivery: Extracting User Locations From Mobile Instant Messengers

The Network and Distributed System Security Symposium (NDSS '23)
San Diego, CA, USA · February 28–March 2, 2023
BibTeX Entry
@inproceedings{schnitzler23:hope-delivery-extracting,
    author = {Schnitzler, Theodor and Kohls, Katharina and Bitsikas, Evangelos and P{\"o}pper, Christina},
    title = {{Hope of Delivery: Extracting User Locations From Mobile Instant Messengers}},
    booktitle = {Network and Distributed System Security Symposium},
    series = {NDSS~'23},
    address = {San Diego, CA, USA},
    month = feb,
    pages = {},
    year = {2023},
    publisher = {The Internet Society}
}


2022

Philipp Markert, Theodor Schnitzler, Maximilian Golla, Markus Dürmuth

“As soon as it's a risk, I want to require MFA”: How Administrators Configure Risk-based Authentication

Symposium on Usable Privacy and Security (SOUPS '22)
Boston, MA, USA · August 7–9, 2022 · A/R: 27.8%
BibTeX Entry
@inproceedings{markert22:soon-risk-want, 
    author = {Markert, Philipp and Schnitzler, Theodor and Golla, Maximilian and D\"{u}rmuth, Markus}, 
    title = {{``As soon as it's a risk, I want to require MFA'': How Administrators Configure Risk-based Authentication}}, 
    booktitle = {USENIX Symposium On Usable Privacy and Security}, 
    year = {2022}, 
    series = {SOUPS~'22}, 
    pages = {483--501}, 
    address = {Boston, MA, USA}, 
    month = aug, 
    publisher = {USENIX}
}
Franziska Herbert, Marvin Kowalewski, Theodor Schnitzler, Leona Lassak, Markus Dürmuth

“Fast, Easy, Convenient.” Studying Adoption and Perception of Digital Covid Certificates

Symposium on Usable Privacy and Security (SOUPS '22)
Boston, MA, USA · August 7–9, 2022 · A/R: 27.8%
BibTeX Entry
@inproceedings{herbert22:fast-easy-convenient, 
    author = {Herbert, Franziska and Kowalewski, Marvin and Schnitzler, Theodor and Lassak, Leona and D\"{u}rmuth, Markus}, 
    title = {{``Fast, Easy, Convenient.'' Studying Adoption and Perception of Digital Covid Certificates}}, 
    booktitle = {USENIX Symposium On Usable Privacy and Security}, 
    year = {2022}, 
    series = {SOUPS~'22}, 
    pages = {463--482}, 
    address = {Boston, MA, USA}, 
    month = aug, 
    publisher = {USENIX}
}
Christine Utz, Steffen Becker, Theodor Schnitzler, Florian M. Farke, Franziska Herbert, Leonie Schaewitz, Martin Degeling, Markus Dürmuth

POSTER: Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents

Symposium on Usable Privacy and Security (SOUPS '22)
Boston, MA, USA · August 7–9, 2022
BibTeX Entry
@inproceedings{utz22:poster-apps-against, 
    author = {Utz, Christine and Becker, Steffen and Schnitzler, Theodor and Farke, Florian M. and Herbert, Franziska and Schaewitz, Leonie and Degeling, Martin and D{\"u}rmuth, Markus},
    title = {{POSTER: Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents}},
    booktitle = {USENIX Symposium On Usable Privacy and Security}, 
    year = {2022}, 
    series = {SOUPS~'22}, 
    pages = {},
    address = {Boston, MA, USA}, 
    month = aug, 
    publisher = {USENIX}
}
Martin Degeling, Christine Utz, Florian M. Farke, Franziska Herbert, Leonie Schaewitz, Marvin Kowalewski, Steffen Becker, Theodor Schnitzler, Markus Dürmuth

Die Nutzung von Smartphone-Apps zur Eindämmung von COVID-19 in Deutschland

in: Technologien der Krise – Die Covid-19-Pandemie als Katalysator neuer Formen der Vernetzung
Dennis Krämer, Joschka Haltaufderheide, Jochen Vollmann (Eds.)
Transcript Verlag · Bielefeld, Germany · July 4, 2022
BibTeX Entry
@incollection{degeling22:nutzung-smartphone-apps,
    author = {Degeling, Martin and Utz, Christine and Farke, Florian M. and Herbert, Franziska and Schaewitz, Leonie and Kowalewski, Marvin and Becker, Steffen and Schnitzler, Theodor and D{\"u}rmuth, Markus},
    title = {{Die Nutzung von Smartphone-Apps zur Eind{\"a}mmung von COVID-19 in Deutschland}},
    editor = {Kr{\"a}mer, Dennis and Haltaufderheide, Joschka and Vollman, Jochen},
    booktitle = {{Technologien der Krise~--~Die Covid-19-Pandemie als Katalysator der Vernetzung}},
    address = {Bielefeld, Germany},
    month = jul,
    pages = {133--154},
    year = {2022},
    publisher = {Transcript Verlag}
}
Vera Rimmer, Theodor Schnitzler, Tom Van Goethem, Abel Rodriguez Romero, Wouter Joosen, Katharina Kohls

Trace Oddity: Methodologies for Data-Driven Traffic Analysis on Tor

Privacy Enhancing Technologies Symposium (PETS '22)
Sydney, Australia · July 11–15, 2022 · A/R: 24.0%
BibTeX Entry
@inproceedings{rimmer22:trace-oddity-methodologies,
    author = {Rimmer, Vera and Schnitzler, Theodor and Van Goethem, Tom and Rodr{\'i}guez Romero and Joosen, Wouter and Kohls, Katharina},
    title = {{Trace Oddity: Methodologies for Data-Driven Traffic Analysis on Tor}},
    booktitle = {Privacy Enhancing Technologies Symposium},
    series = {PETS~'22},
    address = {Sydney, Australia},
    month = jul,
    pages = {314--335},
    year = {2022},
    publisher = {Sciendo}
}
Marvin Kowalewski, Franziska Herbert, Theodor Schnitzler, Markus Dürmuth

Proof-of-Vax: Studying User Preferences and Perception of Covid Vaccination Certificates

Privacy Enhancing Technologies Symposium (PETS '22)
Sydney, Australia · July 11–15, 2022 · A/R: 24.0%
BibTeX Entry
@inproceedings{kowalewski22:proof-vax-studying,
    author = {Kowalewski, Marvin and Herbert, Franziska and Schnitzler, Theodor and  D{\"u}rmuth, Markus},
    title = {{Proof-of-Vax: Studying User Preferences and Perception of Covid Vaccination Certificates}},
    booktitle = {Privacy Enhancing Technologies Symposium},
    series = {PETS~'22},
    address = {Sydney, Australia},
    month = jul,
    pages = {317--338},
    year = {2022},
    publisher = {Sciendo}
}


2021

Theodor Schnitzler, Christina Pöpper, Markus Dürmuth, Katharina Kohls

We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor

IEEE European Symposium on Security and Privacy (EuroS&P '21)
Virtual Conference · September 6–10, 2021
BibTeX Entry
@inproceedings{schnitzler21:built-this-circuit,
    author = {Schnitzler, Theodor and P{\"o}pper, Christina and D{\"u}rmuth, Markus and Kohls, Katharina},
    title = {{We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor}},
    booktitle = {IEEE European Symposium on Security and Privacy},
    series = {EuroS\&P~'21},
    address = {Virtual Event},
    month = sep,
    pages = {319--336},
    year = {2021},
    publisher = {IEEE}
}
Theodor Schnitzler, Shujaat Mirza, Markus Dürmuth, Christina Pöpper

SoK: Managing Longitudinal Privacy of Publicly Shared Personal Online Data

Privacy Enhancing Technologies Symposium (PETS '21)
Gather Town, The Internet · July 12–16, 2021 · A/R: 18.8%
BibTeX Entry
@inproceedings{schnitzler21:managing-longitudinal-privacy,
    author = {Schnitzler, Theodor and Mirza, Shujaat and D{\"u}rmuth, Markus and P{\"o}pper, Christina},
    title = {{SoK: Managing Longitudinal Privacy of Publicly Shared Personal Online Data}},
    booktitle = {Privacy Enhancing Technologies Symposium},
    series = {PETS~'21},
    address = {Virtual Event},
    month = jul,
    pages = {229--249},
    year = {2021},
    publisher = {Sciendo}
}
Christine Utz, Steffen Becker, Theodor Schnitzler, Florian M. Farke, Franziska Herbert, Leonie Schaewitz, Martin Degeling, Markus Dürmuth

Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents

ACM CHI Conference on Human Factors in Computing Systems (CHI '21)
Virtual Conference · May 8–13, 2021 · A/R: 26.3%
BibTeX Entry
@inproceedings{utz21:apps-against-spread,
    author = {Utz, Christine and Becker, Steffen and Schnitzler, Theodor and Farke, Florian M. and Herbert, Franziska and Schaewitz, Leonie and Degeling, Martin and D{\"u}rmuth, Markus},
    title = {{Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents}},
    booktitle = {ACM CHI Conference on Human Factors in Computing Systems},
    series = {CHI~'21},
    address = {Virtual Event},
    month = may,
    year = {2021},
    publisher = {ACM}
}


2020

Florian M. Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, Markus Dürmuth

“You still use the password after all” – Exploring FIDO2 Security Keys in a Small Company

Symposium on Usable Privacy and Security (SOUPS '20)
Virtual Conference · August 7–11, 2020 · A/R: 19.8%
BibTeX Entry
@inproceedings{farke20:you-still-use,
    author = {Farke, Florian M .and Lorenz, Lennart and Schnitzler, Theodor and Markert, Philipp and D{\"u}rmuth, Markus},
    title = {{``You still use the password after all''~--~Exploring FIDO2 Security Keys in a Small Company}},
    booktitle = {USENIX Symposium On Usable Privacy and Security},
    series = {SOUPS~'20},
    address = {Virtual Event},
    month = aug,
    pages = {19--35},
    year = {2020},
    publisher = {USENIX}
}
Theodor Schnitzler, Christine Utz, Florian M. Farke, Christina Pöpper, Markus Dürmuth

Exploring User Perceptions of Deletion in Mobile Instant Messaging Applications

Journal of Cybersecurity, Volume 6, Issue 1
Tyler Moore, David Pym (Eds.)
Oxford University Press · Oxford, UK · January 30, 2020
BibTeX Entry
@article{schnitzler20:exploring-user-perceptions,
    author = {Schnitzler, Theodor and Utz, Christine and Farke, Florian M. and P{\"o}pper, Christina and D{\"u}rmuth, Markus},
    title = {{Exploring User Perceptions of Deletion in Mobile Instant Messaging Applications}},
    journal = {Journal of Cybersecurity},
    volume = {6},
    number = {1},
    month = jan,
    pages = {1--15},
    year = {2020},
    publisher = {Oxford University Press}
}


2019

Theodor Schnitzler, Markus Dürmuth, Christina Pöpper

Towards Contractual Agreements for Revocation of Online Data

ICT Systems Security and Privacy Protection (IFIP SEC '19)
Lisbon, Portugal · June 25–27, 2019
BibTeX Entry
@inproceedings{schnitzler19:towards-contractual-agreements,
    author = {Schnitzler, Theodor and D{\"u}rmuth, Markus and P{\"o}pper, Christina},
    title = {{Towards Contractual Agreements for Revocation of Online Data}},
    booktitle = {IFIP International Conference on ICT Systems Security and Privacy Protection},
    series = {IFIP SEC~'19},
    pages = {374--387},
    address = {Lisbon, Portugal},
    month = jun,
    year = {2019},
    publisher = {Springer}
}


2018

Theodor Schnitzler, Christine Utz, Florian M. Farke, Christina Pöpper, Markus Dürmuth

POSTER: User Perception and Expectations on Deleting Instant Messages – or – “What Happens If I Press This Button?”

Symposium on Usable Privacy and Security (SOUPS '18)
Baltimore, MD, USA · August 12–14, 2018
BibTeX Entry
@inproceedings{schnitzler18:poster-user-perception,
    author = {Schnitzler, Theodor and Utz, Christine and Farke, Florian M. and P{\"o}pper, Christina and D{\"u}rmuth, Markus},
    title = {{User Perception and Expectations on Deleting Instant Messages --~or~-- ``What Happens If I Press This Button?''}},
    booktitle = {USENIX Symposium On Usable Privacy and Security},
    series = {SOUPS~'18},
    pages = {1--5},
    address = {Baltimore, MD, USA},
    month = aug,
    year = {2018},
    publisher = {USENIX}
}
Maximilian Golla, Theodor Schnitzler, Markus Dürmuth

“Will Any Password Do?” Rate Limiting on the Web

Who are you? Adventures in Authentication Workshop (WAY '18)
Baltimore, MD, USA · August 12, 2018
BibTeX Entry
@inproceedings{golla18:will-any-password,
    author = {Golla, Maximilian and Schnitzler, Theodor and D{\"u}rmuth, Markus},
    title = {{``Will Any Password Do?'' Exploring Rate-Limiting on the Web}},
    booktitle = way,
    series = {WAY~'18},
    pages = {1--5},
    address = {Baltimore, MD, USA},
    month = aug,
    year = {2018}
}
Theodor Schnitzler, Christine Utz, Florian M. Farke, Christina Pöpper, Markus Dürmuth

User Perception and Expectations on Deleting Instant Messages – or – “What Happens If I Press This Button?”

European Workshop on Usable Security (EuroUSEC '18)
London, UK · April 23, 2018
BibTeX Entry
@inproceedings{schnitzler18:user-perception-expectations,
    author = {Schnitzler, Theodor and Utz, Christine and Farke, Florian M. and P{\"o}pper, Christina and D{\"u}rmuth, Markus},
    title = {{User Perception and Expectations on Deleting Instant Messages --~or~-- ``What Happens If I Press This Button?''}},
    booktitle = {European Workshop on Usable Security},
    series = {EuroUSEC~'18},
    pages = {1--9},
    address = {London, UK},
    month = apr,
    year = {2018},
    publisher = {The Internet Society}
}

Academic Service



Teaching


Supervised Theses

Courses

Seminars