A Bluetooth tracker hidden in a postcard let a Dutch journalist follow the frigate Zr.Ms. Evertsen for about 24 hours, according to RTL Nieuws, DutchNews, and Defense News. The ship was operating with the French carrier Charles de Gaulle strike group in the Mediterranean.
RTL Nieuws reported that journalist Just Vervaart mailed the tracker inside a postcard after following publicly available instructions for sending mail to the ship. Defense News reported the tracker was found during onboard mail sorting within roughly a day and then disabled.
Reporting calls it a Bluetooth tracker, but public coverage does not clearly identify the exact device model. That matters because an AirTag-style tracker depends on nearby phones to relay its location, while a GPS or cellular tracker can report its own position.
That ambiguity changes the lesson. The confirmed facts show a tracker reached the ship by mail and produced location data for about a day. The relay path depends on what kind of tracker it actually was.
How a $5 Bluetooth tracker exposed a warship
RTL Nieuws reported the price point as €5. DutchNews and Defense News reported that the broadcaster could follow the frigate’s movements for around 24 hours.
Tom’s Hardware, summarizing the reporting, said the ship sailed from Heraklion, Crete, before turning toward Cyprus during the period it was being observed. Defense News said the frigate was part of a NATO carrier group, which raised the security implications beyond a single ship.
The reporting supports a short chain of events:
| Step | What happened | Source |
|---|---|---|
| 1 | A postcard with a hidden tracker was mailed to the frigate | RTL Nieuws |
| 2 | The postcard was accepted onboard before inspection caught it | RTL Nieuws, Defense News |
| 3 | Likely relay path if this was a consumer Bluetooth-network tracker: nearby connected devices heard the tracker and relayed location data | Inferred from how consumer Bluetooth tracker networks operate; not confirmed in the reporting |
| 4 | The sender could view location updates for about 24 hours | DutchNews, Defense News |
Confirmed in the source coverage: steps 1, 2, and 4. Inferred: step 3, and only if the device was the kind of consumer Bluetooth-network tracker that depends on nearby phones or tablets.
That distinction matters because “Bluetooth tracker” is a broad label. It can mean a short-range tag that needs other devices to do the hard work, or it can mean a tracker with its own location and backhaul.
Why the tracker worked at sea
A consumer Bluetooth-network tracker does not usually know where it is by itself. It broadcasts a short-range identifier over Bluetooth. A nearby participating phone or tablet hears that identifier, adds its own location, and uploads the result to the vendor’s network when it has internet access. The tracker owner then sees the location through that network.
At sea, that can still work. A nearby phone can get its own position from satellites, and if that phone later reaches shipboard Wi‑Fi or another internet connection, it can upload the sighting. Distance from shore is not the barrier. Lack of a relay is the barrier.
That mechanism is plausible here if the device was an AirTag-style or similar Bluetooth tracker. The available reporting does not yet identify the exact model, so it does not conclusively prove that this was the relay path used on Evertsen.
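
The store-and-forward relay model described above, as a small simulation added here (not code from the reporting or from any vendor). `Relay`, `owner_view`, the 30 m range and the sample track are assumptions made for illustration; the scenarios show that radio range to a relay and that relay's internet access, not distance from shore, decide what the tag owner sees.

```python
from dataclasses import dataclass
from math import hypot

BLE_RANGE_M = 30.0  # assumed radio reach for this model; real range varies

@dataclass
class Relay:
    """A participating phone or tablet (hypothetical model, not a vendor API)."""
    name: str
    offset_m: tuple     # (x, y) distance from the tag in metres
    online_hours: set   # hours in which this device has internet access

def owner_view(track, relays):
    """Map sighting hour -> (position, upload hour) as the tag owner sees it.

    track is {hour: (lat, lon)}. A sighting exists only if a relay is in
    radio range, and it reaches the vendor network only at the next hour
    in which that relay is online (store and forward).
    """
    seen = {}
    for relay in relays:
        if hypot(*relay.offset_m) > BLE_RANGE_M:
            continue  # this device never hears the broadcast
        queued = []
        for hour in sorted(track):
            queued.append(hour)  # relay tags the sighting with its own fix
            if hour in relay.online_hours:
                for h in queued:
                    seen.setdefault(h, (track[h], hour))
                queued.clear()
    return dict(sorted(seen.items()))

# Constructed sample track, one fix per hour; not taken from the reporting.
TRACK = {h: (35.0 + 0.05 * h, 25.0 + 0.20 * h) for h in range(6)}

SCENARIOS = {
    "phone nearby, Wi-Fi at hours 2 and 4": [Relay("phone", (3, 4), {2, 4})],
    "phone nearby, never online": [Relay("phone", (3, 4), set())],
    "phone online, out of range": [Relay("phone", (120, 90), {0, 1, 2, 3, 4, 5})],
    "no personal devices": [],
}

def summarize():
    """Return {scenario: sorted hours visible to the owner}."""
    return {name: list(owner_view(TRACK, relays)) for name, relays in SCENARIOS.items()}

if __name__ == "__main__":
    for name, hours in summarize().items():
        print(f"{name:40s} -> visible hours {hours}")
```

In the first scenario the sightings from hours 0 and 1 only become visible at hour 2, and hour 5 never leaves the phone, which is the delay a relay-dependent tracker would show.
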
A self-reporting tracker works differently. A GPS tracker usually includes its own receiver and some way to send data back, often cellular and sometimes satellite. In that model, the tracker itself is the full system.
The defensive implications are different.
| Tracker type | How it gets location | How it sends location | What failure matters most |
|---|---|---|---|
| Consumer Bluetooth-network tracker | Nearby phone or tablet supplies location | Nearby connected device uploads to vendor network | Personal devices, Wi‑Fi, and relay paths |
| GPS/cellular tracker | Tracker gets its own GPS position | Tracker sends data with its own connectivity | Mail screening, RF detection, and hardware discovery |
Apple’s AirTag-style model also explains why a normal consumer tag is not the same thing as a classic spy beacon. The tag is weak on purpose. The network around it is what makes it powerful.
That is why the reported 24-hour window matters. If this was a consumer tracker, the ship did not just admit the object. It also appears to have had enough nearby connected infrastructure to make the object useful.
What this means for naval operational security
Defense News reported that Dutch authorities moved to ban electronic greeting cards after the incident because cards, unlike packages, were not being X-rayed before boarding. That is a direct response to the entry path described in the reporting.
It is not the only control that matters.
If personal devices and internet access were available in the tracker’s vicinity, the ship had a second failure mode beyond mail screening. That is the key operational-security question raised by the incident, even though the reporting does not fully document the onboard relay path.
The controls split cleanly by threat model:
| Control area | Why it matters |
|---|---|
| Mail and parcel screening | Stops hidden electronics before they enter the platform |
| Personal device policy | Reduces the chance that phones, tablets, or wearables can act as relays |
| Wi‑Fi and internet access policy | Removes or limits upload paths for location data |
| Unauthorized network monitoring | Detects side channels such as rogue hotspots or unsanctioned terminals |
That last category is not theoretical. Tom’s Hardware pointed to the separate case of the USS Manchester, where sailors reportedly used an unauthorized Starlink terminal for internet access. Different hardware. Same category of failure: convenience creates a route around the official boundary.
Military OPSEC has been learning this lesson for years. The Strava heatmap exposed patterns around military sites, according to BBC reporting, because personal devices turned protected locations into visible data. This incident fits the same shape if the tracker relied on nearby phones.
If the device turns out to have been self-reporting, the lesson narrows but does not disappear. Mail screening still failed, and the ship still carried a foreign electronic device long enough to produce useful location data.
The bigger lesson for generalists
Most organizations do not run frigates. They do run places where people assume policy is enough.
An executive floor may ban location sharing while employees carry smartwatches and phones onto a guest Wi‑Fi network. An R&D lab may prohibit cameras but allow Bluetooth accessories and unmanaged tablets. A hospital may restrict patient-data exports while allowing dense clusters of personal devices near sensitive areas. The same pattern shows up every time: the official rule says one thing, the surrounding device environment says another.
That is what makes this Bluetooth tracker story useful outside the military. It forces a more honest definition of the security boundary.
The boundary is not the room, the ship, or the badge reader. The boundary is every device that can sense, store, or relay data from inside that space.
A simple checklist makes the point:
| Environment | Harmless-seeming exception | What it can become |
|---|---|---|
| Executive office | Guest Wi‑Fi plus employee wearables | Presence and movement leak |
| R&D lab | Personal tablets and Bluetooth accessories | Relay path for trackers or metadata |
| Hospital ward | Phones near restricted areas | Continuous location and timing signal |
This is also why articles about open-source image geolocation keep landing with security teams. Small clues become dangerous when the environment around them is connected and searchable.
The Dutch frigate incident proved one thing directly: a mailed tracker produced location visibility for about a day. The broader lesson depends on the device type. If the device was an AirTag-style tracker, connected personal devices formed the leak path. If it was a self-reporting tracker, mail screening and onboard connectivity controls were still insufficient.
Key Takeaways
- RTL Nieuws, DutchNews, and Defense News reported that a Bluetooth tracker mailed in a postcard let journalists follow the Dutch frigate Evertsen for about 24 hours.
- Public reporting does not clearly identify the exact tracker model, so the precise technical path remains uncertain.
- If the device was a consumer Bluetooth-network tracker, it likely depended on nearby phones or tablets plus internet access to relay location data.
- If the device was a self-reporting GPS or cellular tracker, the main failure was the ship accepting hidden electronics onboard.
- Defense News reported that Dutch authorities responded by banning electronic greeting cards that had not been X-rayed.
Further Reading
- DutchNews: Broadcaster posts tracker to Dutch frigate and follows its route. English-language summary of the incident and the 24-hour tracking window.
- RTL Nieuws: Oorlogsschip Zr.Ms. Evertsen werd getrackt door journalist. Original Dutch reporting with the €5 tracker detail and postcard method.
- Defense News: Dutch broadcaster tracks carrier group frigate with Bluetooth gadget. Defense-focused coverage on the naval security implications.
- Tom’s Hardware: Bluetooth tracker hidden in a postcard and mailed to a warship. Broad explainer covering the ship value estimate and response.
- BBC News: Fitness app Strava lights up staff at military bases. Earlier reporting on how consumer location tools exposed military sites.
