In our environment, we operate behind a corporate firewall and all traffic goes through a corporate proxy server which requires authentication for non-80/443 traffic. Simply pointing cyberduck at our proxy server does not work because I guess cyberduck is user some other protocol when accessing S3 and in that case, the proxy expect NTLMv4 authentication. To work around issues like this, I run cntlm locally. When using S3Brower, I can explicitly tell S3Browser to use my local cntlm without touching the "system proxy" info used by my browsers. I would need cyberduck to support this in order to be able to use it instead of S3Browser.