Matthias Fassl

I am an interdisciplinary HCI researcher working on security, privacy, and safety. My current work focuses on technology-mediated stalking and intimate-image-based abuse in end-to-end-encrypted messengers, as part of Adam Aviv's group at GWU.

🎉 Incoming Collaborateur Scientifique at EPFL.

I hold a Dr.-Ing. from Saarland University and bring a background in computer engineering, cultural & social anthropology, privacy advocacy, and EU cybercrime policy.

✉ Email Google Scholar DBLP LinkedIn Mastodon Signal SOUPS Co-authorship Network

Research

Online Safety & Stalking

How technology enables intimate partner surveillance and stalking — from stalkerware detection to AirTag-facilitated tracking — and how we can better protect at-risk people.

Intimate-Image-Based Abuse

Understanding and countering the non-consensual sharing of intimate images within end-to-end-encrypted messaging platforms, where moderation is architecturally constrained.

Authentication & Security UX

Why security features like authentication ceremonies and consent mechanisms fail users in practice — and how to design them to be genuinely usable rather than theatrical.

Methods in Usable Security

Developing and evaluating rigorous empirical methods — including qualitative analysis, autoethnography, and systematic reviews — for usable privacy and security research.

Publications

2025

Towards Anti-Imperialist Security, Privacy, and Safety Research in HCI

Miranda Wei, Matthias Fassl

NSPW '25

ACM

The Hidden Cost of Location Tracking

Dañiel Gerhardt, Matthias Fassl

USENIX ;login: Online · July 2025

Article

AirTag-Facilitated Stalking Protection: Evaluating Unwanted Tracking Notifications and Tracker Locating Features

Dañiel Gerhardt, Matthias Fassl, Carolyn Guthoff, Adrian Dabrowski, Katharina Krombholz

USENIX Security 2025

PDF Page

2024

Investigating Security Folklore: A Case Study on the Tor over VPN Phenomenon

Matthias Fassl, Alexander Ponticello, Adrian Dabrowski, Katharina Krombholz

SOUPS 2024 · Poster

PDF Page

Will our Colleagues Detect the AirTag? Let's Check (Consensually)

Dañiel Gerhardt, Matthias Fassl, Katharina Krombholz

SOUPS 2024 · Poster ★ Best Poster Runner-Up

Page

Averting Security Theater: Methods to Investigate and Integrate Secure Experience in a User-Centered Security Design Process

Matthias Fassl

Doctoral Dissertation · Saarland University

PDF Repository

2023

Investigating Security Folklore: A Case Study on the Tor over VPN Phenomenon

Matthias Fassl, Alexander Ponticello, Adrian Dabrowski, Katharina Krombholz

ACM CSCW 2023 ★ Honorable Mention ★ Methods Recognition

PDF ACM

Different Researchers, Different Results? Analyzing the Influence of Researcher Experience and Data Type During Qualitative Analysis

Anna-Marie Ortloff, Matthias Fassl, Alexander Ponticello, Florin Martius, Anne Mertens, Katharina Krombholz, Matthew Smith

ACM CHI 2023

PDF ACM

Why I Can't Authenticate – Understanding the Low Adoption of Authentication Ceremonies with Autoethnography

Matthias Fassl, Katharina Krombholz

ACM CHI 2023

PDF ACM

Empirical Research Methods in Usable Privacy and Security

Verena Distler, Matthias Fassl, Hana Habib, Katharina Krombholz, Gabriele Lenzini, Carine Lallemand, Vincent Koenig, Lorrie Faith Cranor

Book Chapter · Springer

Springer

2022

Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality

Matthias Fassl, Simon Anell, Sabine Houy, Martina Lindorfer, Katharina Krombholz

SOUPS 2022

PDF Page Talk ▶

Exploring User-Centered Security Design for Usable Authentication Ceremonies

Matthias Fassl, Lea Gröber, Katharina Krombholz

SOUPS 2022 · Poster

PDF Page

Investigating Car Drivers' Information Demand after Safety and Security Critical Incidents

Lea Gröber, Matthias Fassl, Abhilash Gupta, Katharina Krombholz

SOUPS 2022 · Poster

PDF

2021

A Systematic Literature Review of Empirical Methods and Risk Representation in Usable Privacy and Security Research

Verena Distler, Matthias Fassl, Hana Habib, Katharina Krombholz, Gabriele Lenzini, Carine Lallemand, Vincent Koenig, Lorrie Faith Cranor

ACM TOCHI · Vol. 28, Issue 6

ACM

Exploring Authentication for Security-Sensitive Tasks on Smart Home Voice Assistants

Alexander Ponticello, Matthias Fassl, Katharina Krombholz

SOUPS 2021

PDF Page

Transferring Update Behavior from Smartphones to Smart Consumer Devices

Matthias Fassl, Michaela Neumayr, Oliver Schedler, Katharina Krombholz

ESORICS 2021 Workshop

PDF Springer

Stop the Consent Theater

Matthias Fassl, Lea Gröber, Katharina Krombholz

alt.CHI 2021

PDF ACM Talk ▶

Exploring User-Centered Security Design for Usable Authentication Ceremonies

Matthias Fassl, Lea Gröber, Katharina Krombholz

ACM CHI 2021

PDF ACM Talk ▶

Investigating Car Drivers' Information Demand after Safety and Security Critical Incidents

Lea Gröber, Matthias Fassl, Abhilash Gupta, Katharina Krombholz

ACM CHI 2021

ACM

2018

Usable Authentication Ceremonies in Secure Instant Messaging

Matthias Fassl

Master Thesis · TU Wien

PDF Repository

Wenn der Algorithmus zum Unterdrücker wird (When the Algorithm becomes the Oppressor)

Sabrina Burtscher, Matthias Fassl, Gabriel Grill

Progress Magazine · Vienna

Article

Awards

Distinguished Reviewer Award

USENIX Security · August 2025

Best Poster Runner-Up

SOUPS 2024 · August 2024

For "Will our Colleagues Detect the AirTag? Let's Check (Consensually)"

Google Trust & Safety Research Award

Google · November 2023 · CISPA Helmholtz Center for Information Security

Best Paper Honorable Mention Award

ACM CSCW 2023 · October 2023 · CISPA Helmholtz Center for Information Security

Awarded to the top 3% of submissions · For "Investigating Security Folklore: A Case Study on the Tor over VPN Phenomenon"

Press

Radio

Deutschlandfunk Warum Messenger-Kontakte nur selten verifiziert werdende EN ↗
Why messenger contacts are rarely verified Nov 2023

Deutschlandfunk Is Tor still secure? Timing attacks on the anonymization networkde EN ↗
Expert commentary on the Boys Town case and the limits of Tor's anonymity guarantees Oct 2024

Podcast

CISPA TL;DR Authentication Ceremonies with Matthias Fassl EN ↗ Oct 2021

News

CISPA The example of Tor and VPN: cybersecurity between fact and folklore Jan 2024

CISPA On the difficulties of performing authentication ceremonies Oct 2023

CISPA Anti-stalkerware: Wishes and Reality Oct 2022

CISPA No added cybersecurity through double VPN services Jul 2021

CISPA It's all an act — why cookie banners should be abolished May 2021

Contact

Matthias Fassl
Postdoctoral Researcher, George Washington University
School of Engineering and Applied Science
Room 4390, 800 22nd Street NW, Washington, DC 20052

matthias.fassl@gwu.edu