Personal Encryption 101: A BEGINNER'S GUIDE TO PROTECTING YOUR MESSAGES, MASKING ONLINE MOVEMENTS, AND STEERING CLEAR OF DIGITAL SNOOPS.

• Author: Brown, Elizabeth Nolan

IN 2016, A lone Romanian hacker going by the name Guccifer 2.0 claimed credit for the leak of sensitive internal Democratic National Committee emails. But the would-be hacker celeb's story was quickly debunked by a single nonmasked login from a device at the headquarters of the Russian intelligence service, thus turning what looked like a tech security problem into an international spy scandal. That high-stakes slip-up shows just how stringent one must be to get away with online chicanery these days, when one's every login and keystroke can be tracked through an array of digital identifiers.

But you needn't be engaged in espionage, or anything illegal, to benefit from better digital privacy practices. From surveillance-happy state actors and data-harvesting advertisers to popular email clients, social media apps, and other ubiquitous web tools, there are plenty of potential peepers looking to glimpse your digital data (and potentially share it with or sell it to others).

Traditional privacy protection methods--strong passwords and security questions, plus two-step authentication--are your first line of defense. But they may not cut it if convoluted terms of service give sites more leeway with your data than you realize, if hackers breach the servers where companies store your data, or if the authorities decide they want to see the contents of your texts, chats, and inbox.

"Email remains one of the least secure means of communication, and has been likened to sending a postcard--basically anyone along the way who's interested can read the contents of a message," writes journalist Jonas DeMuro in the U.K.'s Tech-Radar. This is because "an email is not a direct communication, but rather goes via several intermediaries... with multiple copies of the message stored at each server, and further copies on both the sender and recipient's computer." Deleting something, in other words, doesn't come anywhere close to actually eliminating it.

Email also typically lacks strong protections against access by law enforcement agencies. Under the Electronic Communications Privacy Act, authorities can obtain message content without a warrant after 180 days. (Many providers won't agree to give up your data without a warrant, but they could.)

True online anonymity requires elaborate measures--think a separate device for the anonymous identity, separate phone numbers, use of a virtual private network (VPN) for every login. But most people don't need, or even want, total anonymity.

For most of us, privacy can be drastically improved with a few simple (and free) tweaks and tools. In countries like Turkey, where many websites are censored, they can be essential for the most basic online communications. But even in the U.S. and other Western democracies, these services are enjoying a surge in popularity, thanks to sudden skepticism about the data-security practices of social media giants and increasingly invasive government speech codes for the digital sphere. If you too are ready to take back some of your online privacy, this is a guide to getting started.

TO KEEP YOUR EMAIL SAFE

ENCRYPTION, ENCRYPTION, ENCRYPTION. Encrypted email services scramble your data so only you and the message recipient(s) can view a readable version. The undecipherable copy is what passes through and gets stored on the email client's servers, so even if they're hacked, subpoenaed, or cursed with nosy employees, your...