diff --git a/README.md b/README.md
index d07f5bc..685035c 100644
--- a/README.md
+++ b/README.md
@@ -25,14 +25,20 @@ which is not what you want.
 Run:
 
 ```
-GOPROXY=direct sudo go run sneak.berlin/go/mullvadclosest/cmd/mullvadclosest@latest
+GOPROXY=direct go run git.eeqj.de/sneak/mullvadclosest/cmd/mullvadclosest@4dd5e871f830ff62bb30c2290623ad9d8c4d4554
 ```
 
-(The GOPROXY=direct means to download the code directly from my servers, not
+The GOPROXY=direct means to download the code directly from my servers, not
 the Google-operated golang module proxy. Given that you're running this
 program as root from a random place on the internet, downloading it directly
 from me avoids the case where Google can serve you arbitrary code that runs
-on your machine.)
+on your machine.
+
+The full git commit hash is provided to ensure that you're running the
+specific version of the code that I've tested and that you're expecting to
+run.  Don't do "git run <whatever>@latest" because it's just granting random
+people code exec on your machine.  (Same goes for docker images that use
+*any* tag that uses `:` instead of a specific hash identified by `@`.)
 
 # Example output