Someone slipped a Bluetooth tracker into a postcard, dropped it into the Dutch military postal system, and watched a warship’s movements for 24 hours from a tracking app on their phone. The device cost about five euros. The ship it ended up on was a front-line surface combatant of the Koninklijke Marine, the kind of vessel whose real-time position is treated as operationally sensitive.
The postcard arrived aboard the warship, designated only as HNLMS in available reporting, without triggering any security screening. Once on board, the tracker did exactly what consumer Bluetooth trackers are designed to do: it broadcast a low-energy signal that nearby smartphones picked up and relayed, anonymously, to cloud servers. Each ping logged the device’s location, and over the course of a day, those pings stitched together a readable trail of the ship’s route after it left port.
How a coin-cell battery outfoxed a warship
Bluetooth trackers work by piggybacking on the vast mesh of smartphones around them. Apple’s Find My network and Google’s Find My Device network both allow tiny, battery-powered tags to report their location whenever a compatible phone passes within range. On a warship carrying dozens or hundreds of crew members, each with a personal smartphone, there is no shortage of relay devices, even at sea.
The tracker that reached the Dutch warship was small enough to hide inside a standard postcard without adding noticeable bulk. Powered by a coin-cell battery, it needed no Wi-Fi connection, no cellular signal of its own, and no physical retrieval to deliver useful data. According to a detailed account published in April 2026, the device maintained a consistent signal as the ship moved, allowing the sender to reconstruct its course in near-real time.
TechSpot’s coverage framed the experiment as a proof of concept: a device cheaper than a cup of coffee, mailed through ordinary channels, arrived fully operational on a military platform and performed exactly as advertised. No hacking was required. No laws were obviously broken. The tracker simply used infrastructure that already existed aboard the ship.
What is confirmed and what is not
Three facts are well established across independent sources: a Bluetooth tracker was concealed in a postcard, it reached a Dutch warship through the military postal system, and it reported the ship’s position for roughly 24 hours. Those points alone are enough to demonstrate that current mail-handling procedures did not catch an active electronic device before it boarded an operational vessel. However, no raw telemetry data, tracking screenshots, or exported route maps from the app used in the experiment have been published, meaning the 24-hour duration and the specifics of the ship’s movements rest on the sender’s account rather than independently verifiable evidence.
Beyond that core, several details remain unconfirmed. Some accounts, including a widely shared Threads post, identify the device as an Apple AirTag. Others describe it as a generic tracker purchased from Action, a Dutch discount retailer. The distinction matters: AirTags include anti-stalking alerts that notify nearby iPhone users when an unknown tracker appears to be traveling with them. Cheaper alternatives often lack those safeguards entirely. Without images of the actual device or confirmation from the person who sent it, the brand remains uncertain.
The identity of the person behind the experiment is also unclear. Some secondary accounts attribute it to a journalist working with the Dutch investigative program Pointer, but no published byline or official statement from the outlet has confirmed that as of May 2026. Similarly, a figure of 500 million euros for the ship’s value circulates in commentary but does not appear in any primary source or procurement document.
The Dutch Ministry of Defence has not publicly commented on the incident. Whether the military postal service screens packages for active electronics, uses X-ray inspection, or conducts RF sweeps on mail destined for deployed ships remains undocumented in any publicly available policy.
Why five euros worth of hardware is a national security problem
Warships routinely receive personal mail in port and sometimes at sea during replenishment. That mail stream exists for good reason: it sustains crew morale during long deployments. But it also creates an entry point for devices that were never anticipated when postal procedures were written.
A Bluetooth tracker is legal, commercially available, and small enough to fit inside a birthday card. Its legitimate uses, such as finding lost keys, tagging luggage, and keeping track of a pet, sit uncomfortably close to surveillance. Stalking cases involving AirTags and similar devices have been well documented in civilian life, prompting Apple and Google to build detection features into their platforms. But those protections assume the person being tracked carries a compatible phone and pays attention to alerts. On a busy warship, a notification on one sailor’s phone is easy to miss or dismiss.
The deeper concern is scalability. If one person can track a warship with a single postcard, an adversary could send dozens of trackers to different ships, bases, and logistics hubs. More sophisticated versions could carry microphones, environmental sensors, or longer-lasting batteries. The five-euro postcard tracker is the simplest possible version of a threat that gets worse with modest investment.
Location data alone is valuable. Knowing where a warship is, how fast it is moving, and what route it takes can reveal patrol patterns, deployment schedules, and operational intentions. Intelligence agencies have historically invested enormous resources in tracking naval movements. A consumer gadget hidden in a greeting card now accomplishes a crude version of the same task.
A gap that other navies share
The Dutch case is unlikely to be unique. NATO navies generally allow personal mail to reach deployed personnel, and few have publicly disclosed screening protocols that account for tiny, battery-powered transmitters embedded in paper envelopes. The U.S. Navy’s Military Postal Service Agency, for example, publishes guidelines focused on prohibited items like hazardous materials and contraband, not on passive electronics that weigh a few grams.
The incident may force a policy reckoning. Screening every piece of mail for active Bluetooth signals is technically feasible but operationally burdensome, especially for ships that receive hundreds of letters and packages during a port call. Banning personal electronics aboard ship is another option, but one that most navies have resisted because of the morale cost. A middle path might involve RF-shielded mail rooms or automated Bluetooth scanning at postal sorting facilities, but none of those measures appear to be standard practice today.
Until military mail systems treat consumer tracking hardware as a routine threat, the vulnerability exposed by a five-euro postcard tracker will remain open. The technology is only getting smaller, cheaper, and harder to detect. The postcard that tracked a Dutch warship was not a sophisticated espionage operation. It was a proof of concept that anyone with a stamp and a discount-store tracker could replicate tomorrow.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
