by supertrope 973 days ago
FDE means you don't leak data to unencrypted parts of the file system. Temporary files and browser cache are areas sensitive information can be inadvertently left behind. With FDE you can check off the box "encrypted at rest" without having to qualify it with asking if the data is in the right folder or vault, if temp files are overwritten, etc.
1 comments

Right. But technically "every sector of the disk" isn't necessarily what bossware needs to wipe if an unencrypted laptop is taken. Only elements which allow access to crown jewels, relevant credentials, etc.

I'm an advocate for FDE across the board (literally all of my devices are on Windows 11 Pro, primarily so I at least have access to BitLocker across the board), but it's disingenuous to claim that the only alternative to FDE when a device is taken would be to initiate a sector-by-sector wipe. He was responding to ilyt's comment about how only certain data is worth encrypting on pretty much every personal device (and we are talking about Win 11 Pro, not Enterprise).