Incorrect... You sometimes had to download binaries from a source outside the US. Usually not, since the user was simply expected to click the link for the non-US version.
In cases where the server actually looked at your source IP you could either proxy or just download the binary from a source in Europe. The dev teams were and still are seldom located in the US alone, but distributed all over the world. The authors of encryption packages were often not US citizens, either.
The rest of the world looked at the US policy on encryption with wide-eyed disbelief due to the horrifying ignorance that just had to lie behind it.
The US is far from the only western country that had laws restricting the use of cryptography, and export rules governing crypto were common throughout Europe as well.
Back in Australia in 1994 or so, I clicked on a download link for PGP without really reading the warnings, reading them during the download, and then wondering when the US SWAT team was going to swing through my window.
In cases where the server actually looked at your source IP you could either proxy or just download the binary from a source in Europe. The dev teams were and still are seldom located in the US alone, but distributed all over the world. The authors of encryption packages were often not US citizens, either.
The rest of the world looked at the US policy on encryption with wide-eyed disbelief due to the horrifying ignorance that just had to lie behind it.