One question though, if for some reason a poorely designed app discards data through /dev/null, is it tamper proof? Meaning can any other process or user access that information? (In runtime)
I think it is possible for a process with root to delete the existing /dev/null and replace it with a normal file (likely to produce system instability) or a new character device (could probably be mostly transparent to anyone who didn’t know where to look for it storing its data), in which case anything sent to it could be captured.
