There are a number of ways to demonstrate that you are not doing business in the EU and thus do not have to comply with the GDPR and can refuse tracking-free access.
But yes, I do see that Atlas Obscura does do that. On their privacy policy page, I find:
> The Website is hosted in the United States and is intended for and directed to users in the United States. If you are accessing the Website from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure, that differ from United States laws, please be advised that through your continued use of the Website, which is governed by U.S. law, this Privacy Policy, and our Terms of Use, you are transferring your personal information to the United States and you consent to that transfer.
Edit: Upon reflection, I don't think that this satisfies GDPR. They would need to entirely deny access to users in the EU. Just telling them that US law applies, and that they can access the site only if they agree to give up their rights, doesn't suffice.
But I guess that we'll see. I'm sure that complaints have been lodged.
I think the key part is this assertion: "The Website is hosted in the United States and is intended for and directed to users in the United States." As long as there aren't other indications that the business is actually doing business in the EU (e.g. has German or French localization, sells stuff to EU based customers, etc), this helps demonstrate that they don't need to comply with the GDPR.
While there are many companies that have chosen to try and block users in the EU, I don't think this is required, or intended by GDPR.
The company I work for interprets it as any EU citizen any where on the globe, so we just implemented GDPR for every one regardless of their location or particulars.
I hate popups that can't be dismissed. But reader mode works regardless, at least.