If your primary risk comes from people you know maliciously or non-maliciously looking through your devices, here are some simple defaults that minimize what you leave as your digital detritus.
Does this prevent someone who is monitoring your internet connection, whether a network admin or your Internet Service Provider (ISP) from seeing what websites you are visiting? No.
Does this prevent a forensics expert from determining which sites you've visited? No, but it makes it harder.
Does this keep you from being tracked by advertisers? No, but it can help.
Does this minimize your chances of being embarrassed by your search history and someone looking at your browsing history? Yes.
There are use cases for Incognito mode but know its limitations.
Disappearing messages can allow you to have a safe default, where you can set the expiration of messages at a point in time in the future. This minimizes the total amount you could leak if your phone/email/chat account was compromised.
Disappearing messages certainly aren't going to stop someone from saving a message if they want to, but they will make them less likely to be found and saved later, and that can fit your risk model.
Just because a message is disappearing (cough Snapchat) or encrypted (Telegram's Default), that does not mean it is End to End (E2E) encrypted. E2E guarantees that messages can only be read by the intended recipients, so not even the server owners can read the contents. I personally recommend the Signal app for most needs.
Signal takes this idea of E2E even farther and does not send Metadata to the servers. This means that even if they wanted to, they are not able to tell which of their users is talking to who, or when. This idea of minimizing metadata is huge.
As mentioned earlier, if the product is free, the product is you, but in this case... not true! Signal is run by an absolute stud of a cyberpunk named Moxie Marlinspike, and he is the coolest hacker on earth. Read up on him a bit and be inspired.
Full Disc Encryption (FDE)
To go one step further, if your phone or computer is stolen and the contents aren't encrypted, even without the password it is fairly straightforward to just pull all the information from it. With full disc encryption, all data is encrypted at rest and has to be decrypted every time the device boots with a secret key. This means that if someone steals your device and tries to take the data off it they will not be able to, ensuring the confidentiality of your personal files.
iPhones take this one step farther and encrypt the phone every time the lock screen is set, by default. This secure default has gone a long way towards making Apple the privacy and security company.
If you are on Android, it is possible to enable FDE, but going to lock screen does not encrypt all contents, only shutting down the phone.
For Windows, here is a decent guide: Microsoft Secure Boot and Encryption Overview.
If you want to enable this, Google should point you in good directions.
Encrypted Partitions / VMs
If you are not worried about a technical threat, it is not a terrible idea to work from a VM and just turn it off every time you finish using it, but there are a ton of ways that could go wrong, and you could always be instructed by whoever is instructed to turn it on and unlock it.
What's the actually secure way to do things on a computer? The generally accepted answer is to mount an encrypted partition in your OS, and use that to hold a VM to do your important work on. If you are interested in this, here's a guide. That gives you some deniability, especially with the ability to make multiple partitions that unlock using different passwords.
Remember though, if you get hacked on the host computerd, you get hacked in the VM as well. There are also security operating systems, most notably Qubes-OS that is specifically designed for secure computing, but it's designed to be installed on its own dedicated device, and few people want to do that. If your threat model requires Qubes, you shouldn't be getting advice from this website.
So let's say you work off of a secure OS or from a TrueCrypt partition, what risks remain?
So I mentioned full disc encryption in the last section, but what's the actually secure way to do things on a computer? The generally accepted answer is to mount an encrypted partition in your OS, and use that to hold a VM to do your important work on. If you are interested in this, here's a guide.
That gives you some deniability, especially with the ability to make multiple partitions that unlock to different passwords. Remember though, if you get hacked on the outside, you get hacked in the VM as well.
Tails and Other Risk Focused Operating Systems
On the absolute farthest end of the spectrum are security-focused operating systems, which prioritize your data's safety over anything else, especially usability.
Tails which runs off of a USB stick and when shutdown erases all the new data created, leaving no trace it was ever run. Think of it like a forensically secure incognito mode for your computer.
If you still want to save files between reboots, there are other options, most notably Qubes-OS, that are specifically designed for secure computing.
If you do all your work in Tails and you only use E2E encrypted messaging that disappears, you are probably pretty safe, and also pretty paranoid. If your threat model actually requires Qubes or Tails, you shouldn't be getting advice from this website.
To wrap up, minimize logs, minimize messages, minimize metadata. By applying these defaults you can minimize risk, even without requiring encryption or passwords, which are easily subverted in person.