So I noticed two things.
For URLs, posts are only differentiated by their name. It seems highly likely that the same name will be used a second time at some point for a post... will this cause problems with the current system?
I see other content sites using subfolders to differentiate - for instance folders for the year, month and day. Yet other sites attach a hash or a randomly generated number in the URL.
For avatar images - sites generally rename them with a unique number so the old name is no longer visible by the public. Users tend not to think about privacy issues with the name of the photo, so for instance a user who wants their real name to remain private may not think to remove it from the filename of their avatar. Currently, Narrative leaves the filename as is. Any one right clicking on someone's avatar stands a chance of discovering private information about location or identity.
One could argue that the user should be more diligent about scrubbing their image of information they don't want disseminated, but because other social media sites rename images, some users may expect that to be happening here too. I also believe we have some degree of duty of care to do what we can to prevent private information from being disseminated, even if it is through ignorance or inattention of the user. I think images can sometimes contain GPS data if they were taken on a geo aware device. It might be a good idea for Narrative to scrub that metadata clean before displaying the avatar selfies too.