TL;DR On the evening of July 1, 2026, in Shanghai, connecting to Claude over a Taiwan SIM on international roaming returned
302 app-unavailable-in-region. The exit IP landed at a Hong Kong cloud datacenter ASN, which was classified as an unsupported region. This post documents a full single-variable-at-a-time investigation — and the larger shift it revealed: AI services are now infrastructure with geopolitical character, and redundancy needs to be built along two axes: model and network exit.
It was 20:05 on the evening of July 1, 2026, when I arrived at Shanghai Hongqiao Airport. As usual, my first move was to open my laptop and get to work.
Claude Desktop launched straight into app-unavailable-in-region. I assumed it was my overseas eSIM, switched to Taiwan Mobile’s international roaming, and got the same result.
At the same time, Google, Gmail, LINE, and even ChatGPT all worked. That ruled out any underlying network failure — and it was the first premise for everything that followed.
The problem looked more like this: one particular AI service had decided I wasn’t allowed to use it.
What Did Claude Actually Return? Start with the HTTP Response
Rather than reaching for a workaround, I looked at what Claude was actually sending back.
curl -I https://claude.ai
The response:
HTTP/2 302
Location: https://www.anthropic.com/app-unavailable-in-region
That single line eliminated an entire range of possibilities: not a DNS failure, not macOS misbehaving, not Claude Desktop crashing, not an account login problem. The server responded — and actively redirected me to app-unavailable-in-region. Anthropic had classified my current access environment as an unsupported region.
Why Was the Exit IP in Hong Kong?
The next step was to check the actual exit IP.
curl -L https://ipinfo.io/json
I was connected through Taiwan Mobile’s international roaming, but the exit IP showed up in Hong Kong, with an ASN of:
AS153611 CLOUD (HK) LIMITED
That was interesting. Most international roaming carries data traffic back through the home network or a partner exit — which is also why you can often reach Google from China on a foreign SIM. But the actual routing is the carrier’s call. What I observed was an exit not in Taiwan but via a Hong Kong cloud datacenter ASN. How Taiwan Mobile actually routes roaming traffic in China, I can’t say for certain; I’m only recording what I saw. From my side, I was on a Taiwan SIM’s international roaming. From Claude’s server side, the visible source was a Hong Kong cloud datacenter IP.
At this point, three hypotheses were on the table. First, Anthropic doesn’t support Hong Kong, so this exit is disqualified outright. Second, this ASN belongs to a cloud operator, with characteristics resembling datacenter or proxy traffic — meaning it could be flagged by the server’s risk scoring. Third, Cloudflare or Anthropic’s GeoIP risk logic placed this path in a restricted region. All three were still hypotheses, but the problem had narrowed from “Claude is broken” to “this exit path has been classified as unsupported.”
Why Does 302 Becoming 403 Count as Progress?
To test whether the exit path was genuinely the cause, I needed a controlled comparison: change the one variable (exit location) and run the test again. I opened Proton VPN’s free tier and selected a Japan node.
A quick note on my situation: I’m a Taiwan-based user with a legitimate account, traveling on a business trip. What follows is a debugging exercise aimed at isolating which layer the problem lives in.
Running curl -I https://claude.ai again returned:
HTTP/2 403
cf-mitigated: challenge
Still an error on the surface, but from an engineering standpoint it was good news. The 302 app-unavailable-in-region was gone. The 403 here isn’t a failure — it means the regional classification layer has already passed this request through, and a different system (bot protection) has taken over. Many engineers see a 403 and assume things got worse; it’s actually a signal that the approach is working.
The verification itself had to happen in a browser: Claude Desktop won’t surface the verification page on its own. Once I completed the Cloudflare challenge in the browser and reopened Desktop, service came back normally. That behavior fits what a well-designed regional classification system should do: when the path returns to a supported region, access is restored.
The investigation had converged. The problem wasn’t Claude Desktop, wasn’t macOS, and wasn’t an account issue. It was that my roaming path’s Hong Kong exit IP, or its network characteristics, had been classified by Anthropic as an unsupported region. Whether the specific signal was GeoIP, ASN, IP reputation, Cloudflare’s risk score, or some combination isn’t something you can confirm from the outside.
Why Has AI Acquired Geopolitical Character?
Whether Claude worked that evening was a minor inconvenience. What I kept thinking about was what the debugging process had illuminated: AI is moving from ordinary cloud service toward infrastructure with real geopolitical weight.
Export controls used to call to mind GPUs, lithography machines, EDA software. Now the models themselves are folded into the same logic. Anthropic’s official supported-regions list includes Taiwan, Japan, and others — mainland China and Hong Kong are not on it. In September 2025, Anthropic went further, restricting companies majority-owned by entities in unsupported regions: businesses more than half-controlled by a parent company in China or another unsupported country are barred regardless of where they’re incorporated. In February 2026, Anthropic published a report on detecting and preventing distillation attacks, naming several Chinese model companies that used approximately 24,000 fake accounts and over 16 million conversations to extract Claude’s capabilities; one proxy network was operating more than 20,000 fake accounts simultaneously. The report also drew a direct line to export controls: the capability gap that chip restrictions were designed to maintain can’t be allowed to close through distillation from the back door.
WIRED recently reported on the other side of this cat-and-mouse game: users inside China continue to route around the blocks through fake identities, account markets on Taobao and Telegram, and API resellers, while Anthropic keeps tightening its detection — the most aggressive enforcer among US model companies, directly suspending accounts it suspects are controlled by people inside China. That tells you the classification signals extend well beyond IP addresses. ASN, proxy type, account behavior, geographic signal consistency — all of these likely feed into the risk model. Even if your IP looks like it’s outside China, the server may be asking a different question: are you actually inside China?
This also explains the other observation from that evening: ChatGPT was accessible on the same path. OpenAI’s supported-regions list also excludes mainland China and Hong Kong. Even where policies are similar, enforcement can differ substantially between providers.
What Should Enterprises Ask About Their AI Tools?
The old SaaS logic was straightforward: if you have internet, you can use it. In the age of AI agents, the questions have multiplied. Who are you? Where are you? Who controls your company? Where does your traffic exit? In the eyes of the provider’s risk systems, does your usage pattern look like someone inside a restricted region routing around a block?
Model capability, pricing, context window length, API cost — these comparisons still matter. But enterprises need to add one more question: if policy changes one day, can this model keep serving us? Twenty years ago, a company’s competitive position depended on whether it could get online. To some degree, it’s beginning to depend on whether it can reach a particular AI.
This thread — order before capability — is something I follow in the AI and Human Order topic section.
What’s Worth Keeping from This Investigation?
Looking back, the least important detail in this whole episode is which VPN I ended up using. Five years from now, that VPN will likely be gone. The debugging approach will still apply.
Rather than immediately swapping VPNs, changing SIMs, reinstalling Claude, or rebooting, I worked through it in sequence:
- Read the HTTP response:
302 app-unavailable-in-region— the regional classification layer is rejecting. - Confirm the exit IP: landed in Hong Kong.
- Confirm the ASN: a cloud datacenter, with characteristics consistent with proxy traffic.
- Change the single variable (exit location) and observe whether the HTTP status changes: 302 became 403.
In engineering terms, this is called changing one variable at a time. The whole process has only three sentence types: I observed, I inferred, I verified. Many failures aren’t actually “fixed” — they’re traced to their real cause by a disciplined method.
My Conclusion: AI Workflows Need Geopolitical Redundancy
That night in Shanghai made me look at my own AI workflow differently. The lesson of not letting any single service become a mandatory chokepoint was one I learned with the GitHub suspension incident. That was about code hosting. This time, the lesson reaches the model layer.
Redundancy runs along two axes. On the model axis, Claude can be the primary tool; alternatives like Codex protect against single-provider risk — somewhere to go if an account gets suspended or a service goes down. But in a China scenario, switching to another American model isn’t redundancy: OpenAI and Google’s supported-regions lists also exclude mainland China, and the policy risk is identical. Defending against the geopolitical axis means having locally accessible models in China. On the network exit axis, maintain more than one exit path, and know where each one actually exits. If any single link in that chain — one model, one access point, one exit — gets classified as unsupported, the whole workflow stops.
That evening, I started out trying to fix Claude Desktop. What I actually fixed was my understanding of AI infrastructure. The model capability leaderboard turns over every quarter. Whether you can access any of it has, quietly, become a geopolitical question first.
Fact-check sources: Anthropic Supported countries & regions; Anthropic Updating restrictions of sales to unsupported regions (2025-09-05); Anthropic Detecting and preventing distillation attacks (2026-02-23); WIRED How People in China Keep Outsmarting Anthropic’s Geolocation Restrictions
💬 Comments
Loading...