I don't use non-OSS anymore on my Fedora machines, but I do still use Steam on the Manjaro install on my gaming rig, which also has my Windows gaming install, and nothing else, it's only for games, because frankly, proprietary software and DRM turn any PC into a gaming console, so yeah, I have a very expensive gaming console that used to be a PC lol...
But I do the following:
1. Make a steam group, with only permissions to the /home/.dirs where the games and the steam client are and the /home/dir where the steam and game user data is located. This avoids any and all access to files outside of that permission group. I also don't allow the user group to have 7-perms on the steam/game dirs and .dirs, only 5-perms. That circumvents possible behind-the-back or incidental safety issues.
2. Tomoyo 2.0 will learn what system access Steam and games require, and you can manually enforce denial of access, which is what I do, I only allow the access that causes stoppage if I don't allow it, which is basically only the system ID data retrieval and some basic networking functions, but even with a bunch of denial errors for everything else, Steam and games still seem to work just fine. Tomoyo doesn't weigh as heavily on the system as SELinux, it's also not quite as safe, an alternative would be Akari, which has automatic enforcement like a real MAC, so like SELinux or Tomoyo 1.0, but doesn't require recompiling the kernel on distros that don't have the Tomoyo or SELinux extensions enabled.
3. I set Firewalld to blocking profile, which blocks all services, also excluding things like ipp for instance, and Steam seems to work just fine, so it's probably not as nefarious as it could be, but just to be on the safe side...
4. Steam uses only 32-bit libs and deps, few no_arch deps, so it's easy to compartmentalize without breaking stuff. Steam does have access to your Firefox bookmarks because it needs to store data in order to function and partly uses the same data location as regular Firefox. But that was never a problem for me, because I don't use bookmarks or cookies or any other local browser storage apart from a self-destructing very small HTML5 storage that is required. I use Zotero, which installs as a standalone FOSS package in Linux, and from there installs LibreOffice and Firefox extensions, and I use it primarily for research references, but also for bookmarks, because it syncs on a trusted non-commercial server and with Zandy and Scan to Zotero I also have all functionality securely on my Android phone without gapps (both apps are available through F-Droid), and Zotero also saves a snapshot of the content that you add, so it's way more efficient than bookmarking. So that's my solution.
5. In general, I hate the fact that perfectly safe Linux systems are being perverted by proprietary malware, which is why I'm not supporting it any longer on my daily use machines. US companies are discovering now what Tencent in China discovered almost a decade ago, that you can go very far in perverting open source for commercial benefit, and that's what's happening now with Linux if the users aren't careful. In fact, I think they are more careful than Valve and others had expected, and they will need to bring out their own console-like Linux distro (maybe the future of Ubuntu?) to have the performance benefit of Linux without the security benefit. I don't think it's up to the users to adapt to the industry, I think it's up to the industry to adapt to the users, so no more proprietary software on my machines, except on my gaming rig, which I consider consolized, in Linux and in Windows, and no longer consider a PC.
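
An added example, not part of the post above: a shell check for the permission rule in step 1, where the group gets at most r-x ("5-perms") and everyone outside the owner and group gets nothing. The function names are hypothetical, and the directory is whichever Steam or game tree you pass in.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# list_violations DIR
# Print every entry under DIR whose mode breaks the step-1 rule:
#   - group has write access (the "7-perms" case), or
#   - "other" has any access at all.
# Symlinks are skipped: their own mode bits are not used for access checks.
list_violations() {
    find "$1" ! -type l \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# count_violations DIR: number of offending entries (0 means the tree is clean).
count_violations() {
    list_violations "$1" | wc -l | tr -d ' '
}

# harden_tree DIR
# g=rX : group gets read, plus execute/search only on directories and on
#        files that are already executable, and loses write.
# o=   : everyone outside the owner and the group gets nothing.
harden_tree() {
    chmod -R g=rX,o= "$1"
}
```

Source the file, run `list_violations DIR` to see what a client update or game install has loosened, and `harden_tree DIR` to reset it.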