Where is this method documented? Because if you aren't full of shit, then I'd like to pressure Apple to fix it.

I found https://github.com/assafdori/bypass-mdm and the bash script does “neuter” 3 domains via /etc/hosts editing

But no idea how stable/reliable this it.

It's unclear that it works around Apple Find My, unclear that it's executable starting with a locked device, or that it's permanent.

At this point, I've seen no evidence that FireBeyond's extraordinary claims have any merit.

What does Find My have to do with MDM?

I have Find My running on this computer (which is unlocked) now. I've upgraded from Monterey to Tahoe without issue (startup that went AWOL).

However, you touch on two things - 1) I have no idea (and doubt) that this would bypass a device that has been locked, and 2) newer versions may not be as vulnerable. This computer is an M1, and Monterey can be made to go through a full install process without internet access, as described, but newer versions will not (or they may, but I couldn't find a way to force it with Sonoma or later). That means if I do an erase, I have to do a new Monterey install, and then upgrade (but nothing untoward there, don't have to do iterative updates).