One caution
Poloniex aims to reasonably identify each user by cross-checking user data against governmental watch lists such as OFAC, as well as 3rd party identity verification and authentication services. If a user or a users transaction is flagged as suspicious through our internal controls, Poloniex will require additional proof of identification from the user and has the right to not permit any trades, deposits, and/or withdrawals until additional and verifiable proof of identity is received and the Compliance Officer has approved the user for use of the Platform.
In other words, if you do business there you are at risk of having your coins held ransom for whatever "additional proof" they want, and also possibly the discretion of their Compliance Officer before giving them back.
What does that mean for services like xmr.to and shapeshift.io, do they have the balls to continue operate?
shapeshift is located in swizerland. they are a registered company with shares, but i do not think they are forced to implement KYC or AML programms soon, since nothing like an MSB rule for crypto companies exists yet. However, US law reaches everywhere sooner or later, take FACTA as an example. Also laws in swizerland regarding foreign money became a lot stricter the past years.
i do not know about xmr.to, but this kind of service could be hosted everywhere, its impossible to control
I meant that their business is to buy and sell XMR on poloniex. What will poloniex think of their business, will it rise suspicious transaction flags?