Chinese users are playing an elaborate cat-and-mouse game with Anthropic, finding creative workarounds to access Claude AI despite increasingly strict geolocation restrictions. The AI safety company's latest crackdown has spawned a thriving underground market on Telegram, where users trade proxy services and fake identity credentials to bypass regional blocks. The ongoing battle reveals the practical limits of AI geofencing and raises questions about whether geographic restrictions can truly contain access to frontier AI models.
Anthropic thought it had closed the door on Chinese users accessing Claude. Users just found another window. Despite the AI company's efforts to tighten geolocation restrictions, a sophisticated ecosystem of workarounds has emerged, turning access to the banned AI assistant into a game of digital cat-and-mouse.
The latest crackdown came as Anthropic implemented stricter verification measures, blocking VPN traffic and flagging suspicious account patterns. But within days of each new restriction, Chinese users adapted. According to Wired's reporting, the workarounds have become increasingly creative, ranging from residential proxy networks that mask true locations to elaborate fake identity schemes.
Telegram has become the primary marketplace for these circumvention tools. Channels with thousands of members openly advertise Claude access packages, complete with verified accounts, payment methods, and step-by-step guides. Some services offer pre-configured proxy setups for as little as $10 per month, while premium packages include full identity kits with overseas phone numbers and payment cards.
The proxy services represent just the first layer of evasion. More sophisticated users are purchasing complete digital identities, including overseas addresses and identity documents, sourced through Telegram vendors. These fake credentials allow them to pass Anthropic's verification checks, which rely on phone numbers, payment information, and IP addresses to determine user location.
Anthropic finds itself in an increasingly difficult position. The company implemented geographic restrictions partly due to U.S. export controls and concerns about Chinese government access to frontier AI systems. But each enforcement measure triggers a more sophisticated response from users determined to access Claude's capabilities.
The situation mirrors broader challenges facing AI companies trying to control access to their models. While OpenAI and Google have implemented similar restrictions in various regions, enforcement remains porous. Chinese developers and researchers argue they need access to cutting-edge AI tools to remain competitive, making the demand for workarounds substantial.
Security researchers point out that the Telegram-based evasion networks operate with surprising openness. Vendors advertise their services publicly, confident that the decentralized nature of the operation makes enforcement nearly impossible. When one channel gets shut down, three more pop up, often run by the same operators under different names.
The technical sophistication of the workarounds continues to evolve. Early methods relied on simple VPN connections, which Anthropic quickly learned to detect and block. Current approaches use residential proxy networks that route traffic through legitimate home internet connections worldwide, making the traffic virtually indistinguishable from authentic users.
Some Chinese tech workers have turned circumvention into a side business, offering "shared account" services where multiple users access Claude through a single verified account. These services carefully manage usage patterns to avoid triggering Anthropic's fraud detection systems, rotating users and limiting queries to appear like normal individual usage.
The underground market has also spawned specialized services. Some vendors focus exclusively on acquiring overseas phone numbers needed for account verification. Others specialize in payment processing, offering virtual credit cards tied to foreign addresses. The ecosystem has become remarkably efficient, with vendors offering customer support and refund policies.
Anthropic hasn't publicly commented on the specific evasion tactics, but the company continues to refine its detection systems. Recent updates suggest the company is implementing more sophisticated behavioral analysis, looking at usage patterns and query types rather than just geographic signals. But users adapt quickly, sharing tips on Telegram about which behaviors trigger flags.
The situation raises fundamental questions about the viability of geographic AI access controls. If determined users can consistently bypass restrictions using readily available tools, do such controls serve their intended purpose? Some policy experts argue that geofencing creates a false sense of security while pushing legitimate users toward unregulated channels.
Industry observers note that the cat-and-mouse game consumes significant resources on both sides. Anthropic must constantly update detection systems, while users invest time and money in circumvention tools. The question is whether this enforcement model remains sustainable as AI models become more widely deployed and evasion techniques more sophisticated.
The escalating battle between Anthropic and Chinese users exposes a deeper truth about AI governance in a connected world. Geographic restrictions sound straightforward in policy documents but prove remarkably difficult to enforce against motivated users with technical skills. As AI models become more capable and valuable, the incentive to bypass restrictions only grows stronger. The Telegram marketplaces aren't going away - they're becoming more sophisticated. Whether through better verification technology or alternative policy approaches, the industry needs to grapple with the reality that digital borders remain frustratingly porous. The question isn't whether users will find workarounds, but whether companies and policymakers can design access controls that actually serve their intended purpose without creating sprawling underground markets.
