I am an Assistant Professor for computer security at the Department of Advanced Computing Sciences at Maastricht University in the Netherlands. My main area of research is user privacy in online environments from both technical and HCI perspectives.
Previously, I had a postdoc position at the Research Center Trustworthy Data Science and Security at TU Dortmund in Germany.
After studying computer science at TU Dortmund I specialized in usable security and privacy. In 2022, I received my PhD from Ruhr University Bochum, where I worked in the Mobile Security Group and was advised by Prof. Dr. Markus Dürmuth. My co-advisor was Prof. Dr. Christina Pöpper from the Cyber Security and Privacy Lab at New York University Abu Dhabi in the UAE, where I also spent memorable time abroad for a research visit in early 2020.
@inproceedings{bitsikas24:amplifying-threats-role,
author = {Bitsikas, Evangelos and Schnitzler, Theodor and P{\"o}pper, Christina and Ranganathan, Aanjhan},
title = {{Amplifying Threats: The Role of Multi-Sender Coordination in SMS-Timing-Based Location Inference Attacks}},
booktitle = {USENIX WOOT Conference on Offensive Technologies},
series = {WOOT~'24},
address = {Philadelphia, PA, USA},
month = aug,
pages = {},
year = {2024},
publisher = {USENIX Association}
}
@article{wischnewski24:seal-trust-investigating,
author = {Wischnewski, Magdalena and Kr{\"a}mer, Nicole and Janiesch, Christian and M{\"u}ller, Emmanuel and Schnitzler, Theodor and Newen, Carina},
title = {{In Seal We Trust? Investigating the Effect of Certifications on Perceived Trustworthiness of AI Systems}},
journal = {Human-Machine Communication},
volume = {8},
number = {7},
month = jun,
pages = {141--162},
year = {2024},
publisher = {Western Michigan University}
}
@inproceedings{kowalewski23:52-weeks-later,
author = {Kowalewski, Marvin and Utz, Christine and Degeling, Martin and Schnitzler, Theodor and Herbert, Franziska and Schaewitz, Leonie and Farke, Florian M. and Becker, Steffen and D{\"u}rmuth, Markus},
title = {{52 Weeks Later: Attitudes Towards COVID-19 Apps for Different Purposes Over Time}},
booktitle = {ACM Conference On Computer-Supported Cooperative Work And Social Computing},
series = {CSCW~'23},
address = {Minneapolis, MN, USA},
month = oct,
pages = {},
year = {2023},
publisher = {ACM}
}
@inproceedings{bitsikas23-freaky-leaky-sms,
author = {Bitsikas, Evangelos and Schnitzler, Theodor and P{\"o}pper, Christina and Ranganathan, Aanjhan},
title = {{Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings}},
booktitle = {USENIX Security Symposium},
series = {USENIX~'23},
address = {Anaheim, CA, USA},
month = aug,
pages = {},
year = {2023},
publisher = {USENIX Association}
}
@inproceedings{schnitzler23:hope-delivery-extracting,
author = {Schnitzler, Theodor and Kohls, Katharina and Bitsikas, Evangelos and P{\"o}pper, Christina},
title = {{Hope of Delivery: Extracting User Locations From Mobile Instant Messengers}},
booktitle = {Network and Distributed System Security Symposium},
series = {NDSS~'23},
address = {San Diego, CA, USA},
month = feb,
pages = {},
year = {2023},
publisher = {The Internet Society}
}
@inproceedings{markert22:soon-risk-want,
author = {Markert, Philipp and Schnitzler, Theodor and Golla, Maximilian and D\"{u}rmuth, Markus},
title = {{``As soon as it's a risk, I want to require MFA'': How Administrators Configure Risk-based Authentication}},
booktitle = {USENIX Symposium On Usable Privacy and Security},
year = {2022},
series = {SOUPS~'22},
pages = {483--501},
address = {Boston, MA, USA},
month = aug,
publisher = {USENIX}
}
@inproceedings{herbert22:fast-easy-convenient,
author = {Herbert, Franziska and Kowalewski, Marvin and Schnitzler, Theodor and Lassak, Leona and D\"{u}rmuth, Markus},
title = {{``Fast, Easy, Convenient.'' Studying Adoption and Perception of Digital Covid Certificates}},
booktitle = {USENIX Symposium On Usable Privacy and Security},
year = {2022},
series = {SOUPS~'22},
pages = {463--482},
address = {Boston, MA, USA},
month = aug,
publisher = {USENIX}
}
@inproceedings{utz22:poster-apps-against,
author = {Utz, Christine and Becker, Steffen and Schnitzler, Theodor and Farke, Florian M. and Herbert, Franziska and Schaewitz, Leonie and Degeling, Martin and D{\"u}rmuth, Markus},
title = {{POSTER: Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents}},
booktitle = {USENIX Symposium On Usable Privacy and Security},
year = {2022},
series = {SOUPS~'22},
pages = {},
address = {Boston, MA, USA},
month = aug,
publisher = {USENIX}
}
@incollection{degeling22:nutzung-smartphone-apps,
author = {Degeling, Martin and Utz, Christine and Farke, Florian M. and Herbert, Franziska and Schaewitz, Leonie and Kowalewski, Marvin and Becker, Steffen and Schnitzler, Theodor and D{\"u}rmuth, Markus},
title = {{Die Nutzung von Smartphone-Apps zur Eind{\"a}mmung von COVID-19 in Deutschland}},
editor = {Kr{\"a}mer, Dennis and Haltaufderheide, Joschka and Vollman, Jochen},
booktitle = {{Technologien der Krise~--~Die Covid-19-Pandemie als Katalysator der Vernetzung}},
address = {Bielefeld, Germany},
month = jul,
pages = {133--154},
year = {2022},
publisher = {Transcript Verlag}
}
@inproceedings{rimmer22:trace-oddity-methodologies,
author = {Rimmer, Vera and Schnitzler, Theodor and Van Goethem, Tom and Rodr{\'i}guez Romero and Joosen, Wouter and Kohls, Katharina},
title = {{Trace Oddity: Methodologies for Data-Driven Traffic Analysis on Tor}},
booktitle = {Privacy Enhancing Technologies Symposium},
series = {PETS~'22},
address = {Sydney, Australia},
month = jul,
pages = {314--335},
year = {2022},
publisher = {Sciendo}
}
@inproceedings{kowalewski22:proof-vax-studying,
author = {Kowalewski, Marvin and Herbert, Franziska and Schnitzler, Theodor and D{\"u}rmuth, Markus},
title = {{Proof-of-Vax: Studying User Preferences and Perception of Covid Vaccination Certificates}},
booktitle = {Privacy Enhancing Technologies Symposium},
series = {PETS~'22},
address = {Sydney, Australia},
month = jul,
pages = {317--338},
year = {2022},
publisher = {Sciendo}
}
@inproceedings{schnitzler21:built-this-circuit,
author = {Schnitzler, Theodor and P{\"o}pper, Christina and D{\"u}rmuth, Markus and Kohls, Katharina},
title = {{We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor}},
booktitle = {IEEE European Symposium on Security and Privacy},
series = {EuroS\&P~'21},
address = {Virtual Event},
month = sep,
pages = {319--336},
year = {2021},
publisher = {IEEE}
}
@inproceedings{schnitzler21:managing-longitudinal-privacy,
author = {Schnitzler, Theodor and Mirza, Shujaat and D{\"u}rmuth, Markus and P{\"o}pper, Christina},
title = {{SoK: Managing Longitudinal Privacy of Publicly Shared Personal Online Data}},
booktitle = {Privacy Enhancing Technologies Symposium},
series = {PETS~'21},
address = {Virtual Event},
month = jul,
pages = {229--249},
year = {2021},
publisher = {Sciendo}
}
@inproceedings{utz21:apps-against-spread,
author = {Utz, Christine and Becker, Steffen and Schnitzler, Theodor and Farke, Florian M. and Herbert, Franziska and Schaewitz, Leonie and Degeling, Martin and D{\"u}rmuth, Markus},
title = {{Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents}},
booktitle = {ACM CHI Conference on Human Factors in Computing Systems},
series = {CHI~'21},
address = {Virtual Event},
month = may,
year = {2021},
publisher = {ACM}
}
@inproceedings{farke20:you-still-use,
author = {Farke, Florian M .and Lorenz, Lennart and Schnitzler, Theodor and Markert, Philipp and D{\"u}rmuth, Markus},
title = {{``You still use the password after all''~--~Exploring FIDO2 Security Keys in a Small Company}},
booktitle = {USENIX Symposium On Usable Privacy and Security},
series = {SOUPS~'20},
address = {Virtual Event},
month = aug,
pages = {19--35},
year = {2020},
publisher = {USENIX}
}
@article{schnitzler20:exploring-user-perceptions,
author = {Schnitzler, Theodor and Utz, Christine and Farke, Florian M. and P{\"o}pper, Christina and D{\"u}rmuth, Markus},
title = {{Exploring User Perceptions of Deletion in Mobile Instant Messaging Applications}},
journal = {Journal of Cybersecurity},
volume = {6},
number = {1},
month = jan,
pages = {1--15},
year = {2020},
publisher = {Oxford University Press}
}
@inproceedings{schnitzler19:towards-contractual-agreements,
author = {Schnitzler, Theodor and D{\"u}rmuth, Markus and P{\"o}pper, Christina},
title = {{Towards Contractual Agreements for Revocation of Online Data}},
booktitle = {IFIP International Conference on ICT Systems Security and Privacy Protection},
series = {IFIP SEC~'19},
pages = {374--387},
address = {Lisbon, Portugal},
month = jun,
year = {2019},
publisher = {Springer}
}
@inproceedings{schnitzler18:poster-user-perception,
author = {Schnitzler, Theodor and Utz, Christine and Farke, Florian M. and P{\"o}pper, Christina and D{\"u}rmuth, Markus},
title = {{User Perception and Expectations on Deleting Instant Messages --~or~-- ``What Happens If I Press This Button?''}},
booktitle = {USENIX Symposium On Usable Privacy and Security},
series = {SOUPS~'18},
pages = {1--5},
address = {Baltimore, MD, USA},
month = aug,
year = {2018},
publisher = {USENIX}
}
@inproceedings{golla18:will-any-password,
author = {Golla, Maximilian and Schnitzler, Theodor and D{\"u}rmuth, Markus},
title = {{``Will Any Password Do?'' Exploring Rate-Limiting on the Web}},
booktitle = way,
series = {WAY~'18},
pages = {1--5},
address = {Baltimore, MD, USA},
month = aug,
year = {2018}
}
@inproceedings{schnitzler18:user-perception-expectations,
author = {Schnitzler, Theodor and Utz, Christine and Farke, Florian M. and P{\"o}pper, Christina and D{\"u}rmuth, Markus},
title = {{User Perception and Expectations on Deleting Instant Messages --~or~-- ``What Happens If I Press This Button?''}},
booktitle = {European Workshop on Usable Security},
series = {EuroUSEC~'18},
pages = {1--9},
address = {London, UK},
month = apr,
year = {2018},
publisher = {The Internet Society}
}