by malmeloo 526 days ago
The process of requesting locations for a certain tag is not tied to any Apple Account. In the instructions in the README, when logging into macless haystack, you can just use a burner account.
3 comments

Where does it say about burner account?

“You will be asked for your Apple-ID, password and your 2FA”

You mean get another Apple device and set up another account?

It doesn't mention a burner account anywhere, but as the author of FindMy.py, I happen to know how this stuff works :-). But yes, create a new account (either through an Apple device or the website or w/e), attach it to an Apple device or hackintosh at least once, then log out again.
Doesn't Apple force SMS 2FA on accounts? I remember trying to use Apple Music some years back and it needed me to give a phone number.
Yes, but phone numbers can be used across multiple Apple accounts.
What if they shitlist all accounts using the same phone number?
Use a prepaid sim ;-)
How is privacy protected? I wouldn't want everyone tracking my airtags.
It is a cryptography-heavy, privacy-oriented protocol somewhat specific to the behavior Apple wants, which is tied to social behavior. E.g. it is meant to track lost items, not stolen items and not people.

My understanding of how it is all supposed to work:

You get a key-generating-key at provisioning time. The tag itself has three modes depending on whether it is in contact with one of your devices, and further whether it has been out of contact more than a certain period of time.

When not in contact, it will advertise itself with a rotating public key based partially on a rotating MAC address. An Apple device which sees it will encrypt location data based on that key and send it to Apple to store under that public key as a mailbox. A device which continues to see it while moving will start to alert the person holding that device that there may be an AirTag tracking them.

The tag itself has NFC functionality which provides information for helping find the owner, and on Apple's side this is meant to be tied to a real identity to aid LE if there's an abuse scenario.

After a certain amount of time not seeing another device, an AirTag will start to make sounds to alert people where it is when an Apple device comes into range.

When you want to find your item, you anonymously query it under its rotating key information, and use your knowledge of the private key generation to get location information. Since there's nothing Apple uses to correlate these entries, there may be multiple records over time although Apple's UI only shows the newest entry found.

So yes, there's anonymity in being near devices but limited so that someone can know they are being tracked. There's anonymity in querying location. However, there's not meant to be anonymity with physical access.

The data passes through any devices in the vicinity -- but they can't read the data unless they've got the private key to that tag.
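
The flow described in the comments above (rotating keys, finder-side encryption, mailbox lookup, owner-only decryption), as an added sketch that is not code from this thread, from FindMy.py or from Apple. The curve (secp256k1), the HMAC-based key rotation, the SHA-256 mailbox index and the XOR-plus-HMAC encryption are assumptions picked to keep it dependency-free; it models the privacy property, not the real wire format.

```python
import hashlib, hmac, secrets
# Stand-in curve for this sketch (secp256k1); an assumption, not from the thread.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    num, den = (3 * a[0] ** 2, 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    lam = num * pow(den % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add; fine for a demo, not constant time
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def tag_key(master, period):  # rotating key pair derived from the key-generating key
    d = int.from_bytes(hmac.digest(master, period.to_bytes(8, "big"), "sha256"), "big") % (N - 1) + 1
    return d, mul(d, G)

def mailbox(pub):  # the server indexes reports by a hash of the advertised key
    return hashlib.sha256(pub[0].to_bytes(32, "big")).hexdigest()

def _keys(shared, n):  # keystream and MAC key from the ECDH x-coordinate
    x = shared[0].to_bytes(32, "big")
    return hashlib.shake_256(x).digest(n), hashlib.sha256(b"mac" + x).digest()

def finder_report(pub, location):  # finder: sees only the public key, encrypts to it
    e = secrets.randbelow(N - 1) + 1
    stream, mac = _keys(mul(e, pub), len(location))
    ct = bytes(a ^ b for a, b in zip(location, stream))
    return mul(e, G), ct, hmac.digest(mac, ct, "sha256")

def owner_fetch(master, periods, server):  # owner: re-derive keys, query, decrypt
    out = []
    for d, pub in (tag_key(master, t) for t in periods):
        for eph, ct, tag in server.get(mailbox(pub), []):
            stream, mac = _keys(mul(d, eph), len(ct))
            if hmac.compare_digest(tag, hmac.digest(mac, ct, "sha256")):
                out.append(bytes(a ^ b for a, b in zip(ct, stream)))
    return out
```

The server in this model is just a dict from mailbox hash to a list of reports: it holds ciphertext it cannot read, and a query reveals only which mailbox hashes were asked for.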
>I wouldn't want everyone tracking my airtags.

That’s kind of how the whole system works.

I thought it was designed to prevent unwanted people from tracking you. If I bought an airtag, you could track it? Without authentication or authorization?
Only if you have the private key belonging to the AirTag at the time of location capture. Anyone can download encrypted location reports for any AirTag found in the wild, but only the owner can decrypt them with the private key.
So how does one get the private key for an airtag without associating it to their account?
By dumping it from a Mac. But that's not what this project does; it uses DIY AirTags without rotating keys so you don't need to do all that.
What about the Apple account of the tag itself?
These custom tags are not tied to any account; Apple can't tell whether a tag found in the wild is "legit" or not, so registering it is not necessary. You can use your main account if you want, but if you request too many location reports too often, they will ban your account.